Update CVE-2023-6329.yaml
parent
d17a8cea09
commit
c34971a3b2
|
@ -6,6 +6,10 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.
|
||||
impact: |
|
||||
Successful exploitation could allow an attacker to bypass authentication controls.
|
||||
remediation: |
|
||||
Apply the vendor-supplied patch or update to the latest firmware version to mitigate the vulnerability.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
|
@ -20,7 +24,7 @@ info:
|
|||
vendor: controlid
|
||||
product: idsecure
|
||||
fofa-query: body="iDSecure"
|
||||
tags: cve,cve2023,auth-bypass,idsecure,control-id
|
||||
tags: cve,cve2023,auth-bypass,idsecure,control-id,intrusive
|
||||
|
||||
variables:
|
||||
username: "{{rand_base(8)}}"
|
||||
|
@ -46,7 +50,6 @@ javascript:
|
|||
sha256combined: "{{ sha256(sha1Hash+passwordRandom+'cid2016') }}"
|
||||
passwordRandom: "{{passwordRandom}}"
|
||||
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
|
|
Loading…
Reference in New Issue