CVE-2022-34530

Published: Aug 1, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.

Affected (1)

Products: Backdropcms: Backdrop Cms

Backdropcms

1 product

Backdrop Cms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Backdropcms Backdrop Cms	Up to 1.22.0

Related CWEs

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References (4)

http://backdrop.com

Source: cve@mitre.org

Not Applicable

https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md

Source: cve@mitre.org

Third Party Advisory

http://backdrop.com

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.