Vulnerability-Lookup

GHSA-7F94-WGHQ-3RP7

Vulnerability from github – Published: 2022-01-26 00:00 – Updated: 2022-02-02 00:02

Details

Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-22789"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-25T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Charactell - FormStorm Enterprise Account takeover \u2013 An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file.",
  "id": "GHSA-7f94-wghq-3rp7",
  "modified": "2022-02-02T00:02:02Z",
  "published": "2022-01-26T00:00:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22789"
    },
    {
      "type": "WEB",
      "url": "https://www.gov.il/en/departments/faq/cve_advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2022-22789 (GCVE-0-2022-22789)

Vulnerability from cvelistv5 – Published: 2022-01-25 19:11 – Updated: 2024-08-03 03:21

Title

Charactell - FormStorm Enterprise Account Take Over

Summary

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

CWE

Account Take Over

Assigner

INCD

References

URL

Tags

https://www.gov.il/en/departments/faq/cve_advisories

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Charactell	FormStorm Enterprise	Affected: FormStorm Enterprise version 9.00.065 9.00.065

Credits

Michael Starchenko

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:21:49.165Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.gov.il/en/departments/faq/cve_advisories"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FormStorm Enterprise",
          "vendor": "Charactell",
          "versions": [
            {
              "status": "affected",
              "version": "FormStorm Enterprise version 9.00.065 9.00.065"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Michael Starchenko"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Charactell - FormStorm Enterprise Account takeover \u2013 An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Account Take Over",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-25T19:11:08.000Z",
        "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "shortName": "INCD"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.gov.il/en/departments/faq/cve_advisories"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "A patch was released, Charactell - FormStorm Enterprise version 9.00.066"
        }
      ],
      "source": {
        "advisory": "ILVN-2022-0010",
        "defect": [
          "ILVN-2022-0010"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Charactell - FormStorm Enterprise Account Take Over",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@cyber.gov.il",
          "ID": "CVE-2022-22789",
          "STATE": "PUBLIC",
          "TITLE": "Charactell - FormStorm Enterprise Account Take Over"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FormStorm Enterprise",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "FormStorm Enterprise version 9.00.065",
                            "version_value": "9.00.065"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Charactell"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Michael Starchenko"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Charactell - FormStorm Enterprise Account takeover \u2013 An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Account Take Over"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.gov.il/en/departments/faq/cve_advisories",
              "refsource": "MISC",
              "url": "https://www.gov.il/en/departments/faq/cve_advisories"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "A patch was released, Charactell - FormStorm Enterprise version 9.00.066"
          }
        ],
        "source": {
          "advisory": "ILVN-2022-0010",
          "defect": [
            "ILVN-2022-0010"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
    "assignerShortName": "INCD",
    "cveId": "CVE-2022-22789",
    "datePublished": "2022-01-25T19:11:08.000Z",
    "dateReserved": "2022-01-07T00:00:00.000Z",
    "dateUpdated": "2024-08-03T03:21:49.165Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-7F94-WGHQ-3RP7

CVE-2022-22789 (GCVE-0-2022-22789)

Tags

Sightings

Nomenclature