CVE-2022-0828
Download Manager < 3.2.39 - Unauthenticated brute force of files master key
Public Exploits: 1
Exploited in Wild: -
Decision
Descriptions
The Download Manager WordPress plugin before 3.2.34 uses the PHP uniqid function to generate the master key for a download, allowing an attacker to brute-force the key with reasonable resources and gain direct download access regardless of any role-based restrictions or password protections set for the download.
The Download Manager WordPress plugin before 3.2.39 uses the PHP uniqid function to generate the master key for a download, allowing an attacker to brute-force the key with reasonable resources and gain direct download access regardless of any role-based restrictions or password protections set for the download.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-03-02 CVE Reserved
- 2022-03-16 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-11-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-326: Inadequate Encryption Strength
- CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CAPEC
References (1)
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/7f0742ad-6fd7-4258-9e44-d42e138789bb | 2024-08-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Wpdownloadmanager | Wordpress Download Manager | < 3.2.34 | wordpress | Affected |