CVE-2023-3423 : Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-

Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v 1.2.0.

Published 2023-06-27 04:15:11

Updated 2023-07-06 16:07:05

Source huntr.dev

View at NVD, CVE.org

Products affected by CVE-2023-3423

Fit2cloud » Cloudexplorer Lite
Versions before (<) 1.2.0
cpe:2.3:a:fit2cloud:cloudexplorer_lite:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	2.8	3.6	huntr.dev
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-521 Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

Assigned by: security@huntr.dev (Primary)

https://github.com/cloudexplorer-dev/cloudexplorer-lite/commit/7d4dab60352079953b7be120afe9bd14983ae3bc

fix: 用户修改密码增加后端接口校验 · CloudExplorer-Dev/CloudExplorer-Lite@7d4dab6 · GitHub
Patch
https://huntr.dev/bounties/dd19c7d0-70f1-4d86-a552-611dfa8e0139

The web app does not verify weak password at backend vulnerability found in cloudexplorer-lite
Exploit;Patch;Third Party Advisory

Jump to