Brute Force of fabric-ca server admin account
High
Hyperledger
Reported by
xiaoc
Vulnerability Details
Technical details and impact analysis
## fabric-ca server
- Default configuration sets maxenrollments to -1 (enables enrollment from outside)
- Listening on 0.0.0.0:7054 (easily discovered and reachable)
- No limit on wrong password attempts
The above conditions allow brute force against the CA server admin account.
## Impact
An attacker gains a high-level permissioned account on the permissioned network and can add/delete/update/query.
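The weakness reported here is the absence of any limit on failed enrollment attempts, which is what turns a reachable CA with an unlimited-enrollment admin identity into a brute-force target. The following detector is an added example (written for this page, not code from the report or from Hyperledger Fabric CA). It assumes a reverse proxy or log shipper in front of the CA records client IP, timestamp, request line and HTTP status, that a failed enrollment is recorded with status 401, and that enrollment is served on `/enroll` (or `/api/v1/enroll`); the log lines are constructed for the example.

```python
"""Sliding-window detector for repeated failed enrollments against a Fabric CA.

Added example, not fabric-ca's own code. Assumes a proxy/log shipper in front
of the CA writes: client IP, [timestamp], "request line", status.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: documentation-range IPs, hypothetical timestamps.
# Five failed enrollments from one source in five seconds, then a success.
SAMPLE_LOG = """\
203.0.113.7 [2019-03-04T10:00:00Z] "POST /enroll HTTP/1.1" 401
203.0.113.7 [2019-03-04T10:00:01Z] "POST /enroll HTTP/1.1" 401
203.0.113.7 [2019-03-04T10:00:02Z] "POST /enroll HTTP/1.1" 401
203.0.113.7 [2019-03-04T10:00:03Z] "POST /enroll HTTP/1.1" 401
203.0.113.7 [2019-03-04T10:00:04Z] "POST /enroll HTTP/1.1" 401
203.0.113.7 [2019-03-04T10:00:05Z] "POST /enroll HTTP/1.1" 201
198.51.100.2 [2019-03-04T10:00:30Z] "POST /enroll HTTP/1.1" 401
198.51.100.2 [2019-03-04T10:05:00Z] "POST /enroll HTTP/1.1" 201
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})$'
)

# Endpoints authenticated with an enrollment ID and secret (assumed paths).
AUTH_PATHS = {"/enroll", "/reenroll", "/api/v1/enroll", "/api/v1/reenroll"}


def parse_line(line):
    """Return (ip, timestamp, path, status) or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return m.group("ip"), ts, m.group("path"), int(m.group("status"))


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag sources that reach `threshold` failed enrollments inside `window`,
    and any enrollment that succeeds while a source is still over the threshold
    (the signature of a guess that landed).

    Returns a list of (kind, ip, iso_timestamp, failures_in_window) tuples.
    """
    failures = defaultdict(deque)  # ip -> timestamps of recent 401s
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, path, status = rec
        if path not in AUTH_PATHS:
            continue
        recent = failures[ip]
        # Evict failures that have fallen out of the sliding window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        stamp = ts.strftime("%Y-%m-%dT%H:%M:%SZ")
        if status == 401:
            recent.append(ts)
            if len(recent) == threshold:  # emit once, when the line is crossed
                alerts.append(("THRESHOLD", ip, stamp, len(recent)))
        elif 200 <= status < 300 and len(recent) >= threshold:
            alerts.append(("SUCCESS_AFTER_FAILURES", ip, stamp, len(recent)))
    return alerts


def analyze_sample():
    """Run the detector over the constructed sample log."""
    return detect_bruteforce(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in analyze_sample():
        print(*alert)
```

On the sample, the first source trips the threshold on its fifth 401 and is flagged again when its sixth request succeeds; the second source's single failure has aged out of the 60-second window by the time it succeeds, so it produces nothing. Detection is only the alerting half: the limit itself has to be enforced at the proxy or in the CA, and the report's other two bullets map to the server's listen address/port and the `registry.maxenrollments` value in fabric-ca-server-config.yaml, which are the settings to tighten alongside an attempt limit.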
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Improper Restriction of Authentication Attempts