CVE-2022-34530
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.
Un problema en la funcionalidad login and reset de Backdrop CMS versiĆ³n v1.22.0, permite a atacantes enumerar los nombres de usuario por medio de peticiones de restablecimiento de contraseƱas y las distintas respuestas devueltas basadas en los nombres de usuario
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-06-26 CVE Reserved
- 2022-08-01 CVE Published
- 2024-02-22 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-640: Weak Password Recovery Mechanism for Forgotten Password
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://backdrop.com | Not Applicable | |
| https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Backdropcms Search vendor "Backdropcms" | Backdrop Cms Search vendor "Backdropcms" for product "Backdrop Cms" | <= 1.22.0 Search vendor "Backdropcms" for product "Backdrop Cms" and version " <= 1.22.0" | - |
Affected
| ||||||