Update CVE-2023-6329.yaml

patch-11
Prince Chaddha 2024-09-05 11:12:52 +07:00 committed by GitHub
parent d17a8cea09
commit c34971a3b2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 8 deletions

View File

@ -6,6 +6,10 @@ info:
severity: critical
description: |
An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.
impact: |
Successful exploitation could allow an attacker to bypass authentication controls.
remediation: |
Apply the vendor-supplied patch or update to the latest firmware version to mitigate the vulnerability.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@ -20,7 +24,7 @@ info:
vendor: controlid
product: idsecure
fofa-query: body="iDSecure"
tags: cve,cve2023,auth-bypass,idsecure,control-id
tags: cve,cve2023,auth-bypass,idsecure,control-id,intrusive
variables:
username: "{{rand_base(8)}}"
@ -46,7 +50,6 @@ javascript:
sha256combined: "{{ sha256(sha1Hash+passwordRandom+'cid2016') }}"
passwordRandom: "{{passwordRandom}}"
http:
- raw:
- |