CVE-2022-22110
HIGH7.5EPSS 0.28%Weak Password Requirements in Daybyday CRM
發布日:2022/1/8修改日:2024/2/19
描述
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’ passwords with minimal to no computational effort.
受影響套件(1)
- Packagist/bottelet/flarepoint>= 1.1, < 2.2.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |