Delphix Continuous Data
Monthly
Brute-force protection bypass in Perforce Delphix Continuous Data lets remote attackers defeat the account lockout mechanism by firing concurrent authentication requests that race the failed-login counter, allowing unlimited password guessing against a targeted account. The flaw is a time-of-check/time-of-use race (CWE-307) rather than a direct code-execution bug, and no public exploit identified at time of analysis. It matters because it silently neutralizes a control administrators rely on to stop credential-stuffing and password-spraying.
Brute-force protection bypass in Perforce Delphix Continuous Data lets remote attackers defeat the account lockout mechanism by firing concurrent authentication requests that race the failed-login counter, allowing unlimited password guessing against a targeted account. The flaw is a time-of-check/time-of-use race (CWE-307) rather than a direct code-execution bug, and no public exploit identified at time of analysis. It matters because it silently neutralizes a control administrators rely on to stop credential-stuffing and password-spraying.