CVE-2022-44023 : PwnDoc through 0.5.3 might allow remote attackers to identify disabled user acco

PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts.

Published 2022-10-30 00:15:10

Updated 2024-05-02 17:15:08

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2022-44023

Pwndoc Project » Pwndoc
Versions up to, including, (<=) 0.5.3
cpe:2.3:a:pwndoc_project:pwndoc:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-44023

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 17 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-44023

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2022-44023

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-44023

https://cve.nstsec.com/cve-2022-44023

CVE-2022-44023 | Common Vulnerabilities and Exposures
https://github.com/pwndoc/pwndoc/issues/382

(Vulnerability) Disabled user account enumeration via different responses · Issue #382 · pwndoc/pwndoc · GitHub
Exploit;Issue Tracking;Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-44023

Products affected by CVE-2022-44023

Exploit prediction scoring system (EPSS) score for CVE-2022-44023

CVSS scores for CVE-2022-44023

CWE ids for CVE-2022-44023

References for CVE-2022-44023