CVE-2022-26314

Published: Mar 8, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to efficiently brute force passwords in specific situations.

Affected (2)

Products: Mendix: Forgot Password

1 product

Forgot Password

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mendix Forgot Password	Before 3.2.2
Mendix Forgot Password	From 3.3.0 to 3.5.1

Related CWEs

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-134279.pdf

Source: productcert@siemens.com

MitigationPatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-134279.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchVendor Advisory

Timeline

No history available yet.