CVE-2018-15681

{"id": "CVE-2018-15681", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-09-05T21:29:01.670", "references": [{"url": "https://rastating.github.io/xbtit-multiple-vulnerabilities/", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}, {"lang": "en", "value": "CWE-916"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the \"pass\" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie can efficiently brute-force it to retrieve the user's cleartext password."}, {"lang": "es", "value": "Se ha descubierto un problema en BTITeam XBTIT 2.5.4. Cuando un usuario inicia sesi\u00f3n, su hash de contrase\u00f1a se \"rehashea\" utilizando una sal predecible y almacenada en la cookie \"pass\", que lo est\u00e1 marcada como HTTPOnly. Debido a la sal d\u00e9bil y predecible que est\u00e1 en uso, un atacante que logre robar la cookie podr\u00e1 realizar un ataque de fuerza bruta sobre ella para recuperar la contrase\u00f1a del usuario en texto claro."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:btiteam:xbtit:2.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E6123FB-5B38-4B54-8C15-C133BC911CDF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}