CVE-2022-2822

Published: Aug 15, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.

Affected (1)

Products: Octoprint: Octoprint

Octoprint

1 product

Octoprint

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Octoprint Octoprint	Before 1.9.0

Related CWEs

CWE-307

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (4)

https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de

Source: security@huntr.dev

PatchThird Party Advisory

https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d

Source: security@huntr.dev

ExploitPatchThird Party Advisory

https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.