CVE-2023-3222

Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-roundcube-password-recovery-plugin	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:password_recovery_project:password_recovery:1.2:*:*:*:*:roundcube:*:*

History

08 Sep 2023, 14:07

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~(MISC) https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-roundcube-password-recovery-plugin -~~	(MISC) https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-roundcube-password-recovery-plugin - Third Party Advisory
CWE		CWE-640
First Time		Password Recovery Project Password Recovery Project password Recovery
CPE		cpe:2.3:a:password_recovery_project:password_recovery:1.2:::::roundcube::

04 Sep 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-04 13:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-3222

Mitre link : CVE-2023-3222

CVE.ORG link : CVE-2023-3222

JSON object : View

Products Affected

password_recovery_project

password_recovery

CWE

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

{"id": "CVE-2023-3222", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-09-04T13:15:33.987", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-roundcube-password-recovery-plugin", "tags": ["Third Party Advisory"], "source": "cve-coordination@incibe.es"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-640"}]}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-640"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user\u00b4s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad en el mecanismo de recuperaci\u00f3n de contrase\u00f1as del plugin Password Recovery para Roundcube, en su versi\u00f3n 1.2, que podr\u00eda permitir a un atacante remoto cambiar la contrase\u00f1a de un usuario existente a\u00f1adiendo un token num\u00e9rico de 6 d\u00edgitos. Un atacante podr\u00eda crear un script autom\u00e1tico para probar todos los valores posibles, ya que la plataforma no tiene l\u00edmite en el n\u00famero de peticiones. "}], "lastModified": "2023-09-08T14:07:29.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:password_recovery_project:password_recovery:1.2:*:*:*:*:roundcube:*:*", "vulnerable": true, "matchCriteriaId": "5AC9878D-1A6B-46C0-843F-69EF179F85D6"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@incibe.es"}