CVE-2017-8342

Name: CVE-2017-8342
Creator: NVD / NIST
Published: 2017-04-30T15:59:00.153+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.02%

Last modified Jun 17, 2026

CVE-2017-8342 is a vulnerability of currently unknown severity. Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.. EPSS estimates a 2.02% chance of exploitation in the next 30 days.

Description

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.

Metrics

EPSS Probability

2.02%

78.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-362

Affected Software

Vendor	Product	Versions	Update
Radicale	Radicale	<= 1.1.1	—
Radicale	Radicale	2.0.0	Rc1

References

https://bugs.debian.org/861514Exploit, Issue Tracking, Patch, VDB Entry
https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rstRelease Notes, Third Party Advisory
https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2dPatch, Third Party Advisory
https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183bPatch, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/04/msg00019.html
https://bugs.debian.org/861514Exploit, Issue Tracking, Patch, VDB Entry
https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rstRelease Notes, Third Party Advisory
https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2dPatch, Third Party Advisory
https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183bPatch, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/04/msg00019.html

Timeline

Published: Apr 30, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-8342?

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.

How severe is CVE-2017-8342?

Severity scoring for CVE-2017-8342 is pending analysis. The EPSS model estimates a 2.02% probability of exploitation in the next 30 days.

How do I fix CVE-2017-8342?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-8342?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST