CVE-2023-50172

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user.
References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897 - Exploit, Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*

History

18 Jan 2024, 14:28

Type Values Removed Values Added
CPE cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*
References
  • Values Removed: () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897 -
  • Values Added: () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897 - Exploit, Third Party Advisory
First Time Wwbn
Wwbn avideo

12 Jan 2024, 18:15

Type Values Removed Values Added
Summary
  • (es) A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user.
Summary
  • Values Removed: (en) A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to silently create a recovery pass code for any user.
  • Values Added: (en) A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user.

10 Jan 2024, 18:15

Type Values Removed Values Added
References
  • {'url': 'https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1897', 'source': 'talos-cna@cisco.com'}

10 Jan 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-10 16:15

Updated : 2024-01-18 14:28


NVD link : CVE-2023-50172

Mitre link : CVE-2023-50172

CVE.ORG link : CVE-2023-50172



Products Affected

wwbn

  • avideo
CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password