CVE-2022-34530

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.
Configurations

Configuration 1 (hide)

cpe:2.3:a:backdropcms:backdrop_cms:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:09

Type Values Removed Values Added
References () http://backdrop.com - Not Applicable () http://backdrop.com - Not Applicable
References () https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md - Third Party Advisory () https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md - Third Party Advisory

08 Aug 2022, 15:25

Type Values Removed Values Added
CPE cpe:2.3:a:backdropcms:backdrop_cms:*:*:*:*:*:*:*:*
CWE CWE-640
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
References (MISC) https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md - (MISC) https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md - Third Party Advisory
References (MISC) http://backdrop.com - (MISC) http://backdrop.com - Not Applicable

01 Aug 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-08-01 20:15

Updated : 2024-11-21 07:09


NVD link : CVE-2022-34530

Mitre link : CVE-2022-34530

CVE.ORG link : CVE-2022-34530


JSON object : View

Products Affected

backdropcms

  • backdrop_cms
CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password