CVE-2022-2921

HIGH8.8EPSS 0.46%

Exposure of password hashes in notrinos/notrinos-erp

發布日:2022/8/22修改日:2023/11/8

描述

The AP officers account is authorized to Backup and Restore the Database, Due to this he/she can download the backup and see the password hash of the System Administrator account, The weak hash (MD5) of the password can be easily cracked and get the admin password.

受影響套件(1)

Packagist/notrinos/notrinos-erpfrom 0, < 0.7

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-2921
PATCHhttps://github.com/notrinos/NotrinosERP
WEBhttps://github.com/notrinos/notrinoserp/commit/1b9903f4deea3289872793e60d730c63ecbf7b45
WEBhttps://huntr.dev/bounties/51b32a1c-946b-4390-a212-b6c4b6e4115c