Radicale before 1.1.2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. References: https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst Upstream patch: https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b
Created radicale tracking bugs for this issue: Affects: epel-7 [bug 1447246] Affects: fedora-all [bug 1447247]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.