CVE-2022-37783

All Craft CMS versions between 3.0.0 and 3.7.32 disclose the password hashes of users who authenticate using their e-mail address or username in anti-CSRF tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and an HTML hidden field called CRAFT_CSRF_TOKEN to prevent Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash without encoding it, whereas the corresponding HTML hidden field discloses the user's password hash in a masked form, which can be decoded using public functions of the Yii framework.
Configurations

Configuration 1

cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:15

Type: References

Values Removed:
  • http://www.openwall.com/lists/oss-security/2024/06/06/1
  • https://at-trustit.tuv.at/tuev-trust-it-cves/cve-disclosure-of-password-hashes/ (Exploit, Third Party Advisory)
  • https://cves.at/posts/cve-2022-37783/writeup/

Values Added:
  • http://www.openwall.com/lists/oss-security/2024/06/06/1
  • https://at-trustit.tuv.at/tuev-trust-it-cves/cve-disclosure-of-password-hashes/ (Exploit, Third Party Advisory)
  • https://cves.at/posts/cve-2022-37783/writeup/

10 Jun 2024, 17:16

Type: References

Values Added:
  • http://www.openwall.com/lists/oss-security/2024/06/06/1

Type: Summary

Values Added:
  • (es) All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their e-mail address or username in anti-CSRF tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and an HTML hidden field called CRAFT_CSRF_TOKEN to prevent Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash without encoding it, whereas the corresponding HTML hidden field discloses the users' password hash in a masked form, which can be decoded using public functions of the Yii framework.

Information

Published : 2022-12-05 21:15

Updated : 2024-11-21 07:15
NVD link : CVE-2022-37783

Mitre link : CVE-2022-37783

CVE.ORG link : CVE-2022-37783
Products Affected

craftcms

  • craft_cms
CWE

CWE-522: Insufficiently Protected Credentials