CVE-2022-3376

Published: Oct 6, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.

Affected (4)

Products: Ikus Soft: Rdiffweb

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ikus Soft Rdiffweb	Up to 2.4.10
Ikus Soft Rdiffweb	Version 2.5.0 alpha1
Ikus Soft Rdiffweb	Version 2.5.0 alpha2
Ikus Soft Rdiffweb	Version 2.5.0 alpha3

Related CWEs

Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

References (4)

https://github.com/ikus060/rdiffweb/commit/2ffc2af65c8f8113b06e0b89929c604bcdf844b9

Source: security@huntr.dev

PatchThird Party Advisory

https://huntr.dev/bounties/a9021e93-6d18-4ac1-98ce-550c4697a4ed

Source: security@huntr.dev

ExploitPatchThird Party Advisory

https://github.com/ikus060/rdiffweb/commit/2ffc2af65c8f8113b06e0b89929c604bcdf844b9

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://huntr.dev/bounties/a9021e93-6d18-4ac1-98ce-550c4697a4ed

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.