CVE-2022-34530

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://backdrop.com	Not Applicable
https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:backdropcms:backdrop_cms:*:*:*:*:*:*:*:*

History

08 Aug 2022, 15:25

Type	Values Removed	Values Added
CPE		cpe:2.3:a:backdropcms:backdrop_cms::::::::
CWE		CWE-640
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
References	~~(MISC) https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md -~~	(MISC) https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md - Third Party Advisory
References	~~(MISC) http://backdrop.com -~~	(MISC) http://backdrop.com - Not Applicable

01 Aug 2022, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-01 20:15

Updated : 2024-02-04 22:51

NVD link : CVE-2022-34530

Mitre link : CVE-2022-34530

CVE.ORG link : CVE-2022-34530

JSON object : View

Products Affected

backdropcms

backdrop_cms

CWE

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

5.3 /10