Update CVE-2023-6329.yaml
parent
d17a8cea09
commit
c34971a3b2
|
@ -6,6 +6,10 @@ info:
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.
|
An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.
|
||||||
|
impact: |
|
||||||
|
Successful exploitation could allow an attacker to bypass authentication controls.
|
||||||
|
remediation: |
|
||||||
|
Apply the vendor-supplied patch or update to the latest firmware version to mitigate the vulnerability.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 9.8
|
cvss-score: 9.8
|
||||||
|
@ -20,7 +24,7 @@ info:
|
||||||
vendor: controlid
|
vendor: controlid
|
||||||
product: idsecure
|
product: idsecure
|
||||||
fofa-query: body="iDSecure"
|
fofa-query: body="iDSecure"
|
||||||
tags: cve,cve2023,auth-bypass,idsecure,control-id
|
tags: cve,cve2023,auth-bypass,idsecure,control-id,intrusive
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
username: "{{rand_base(8)}}"
|
username: "{{rand_base(8)}}"
|
||||||
|
@ -46,7 +50,6 @@ javascript:
|
||||||
sha256combined: "{{ sha256(sha1Hash+passwordRandom+'cid2016') }}"
|
sha256combined: "{{ sha256(sha1Hash+passwordRandom+'cid2016') }}"
|
||||||
passwordRandom: "{{passwordRandom}}"
|
passwordRandom: "{{passwordRandom}}"
|
||||||
|
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- raw:
|
- raw:
|
||||||
- |
|
- |
|
||||||
|
|
Loading…
Reference in New Issue