Vulnerability Details : CVE-2023-40173
Social media skeleton is an uncompleted/framework social media project implemented using PHP, CSS, JavaScript and HTML. Prior to version 1.0.5, Social media skeleton did not properly salt passwords, leaving user passwords susceptible to cracking should an attacker gain access to the hashed passwords. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this issue.
Products affected by CVE-2023-40173
- cpe:2.3:a:fobybus:social-media-skeleton:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-40173
- Probability of exploitation activity in the next 30 days: 0.13%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~48%
CVSS scores for CVE-2023-40173
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | GitHub, Inc. | |
CWE ids for CVE-2023-40173
- The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-40173
- https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-rfmv-7m7g-v628
  Weak Password Requirements in fobybus/social-media-skeleton · Advisory · fobybus/social-media-skeleton · GitHub (Third Party Advisory)
- https://github.com/fobybus/social-media-skeleton/commit/344d798e82d6cc39844962c6d3cb2560f5907848
  fixed csrf bug,improved admin/atask/setting.php and added passw.php · fobybus/social-media-skeleton@344d798 · GitHub (Patch)
- https://github.com/fobybus/social-media-skeleton/commit/df31da44ffed3ea065cbbadc3c8052d0d489a2ef
  added salting tables and modified password for default users · fobybus/social-media-skeleton@df31da4 · GitHub (Patch)