CVE-2022-44411

2022-11-25T16:15:00

Description

Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack.

Affected Software

CPE Name	Name	Version
web_based_quiz_system_project:web_based_quiz_system	web based quiz system project web based quiz system	1.0

{"id": "CVE-2022-44411", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2022-44411", "description": "Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack.", "published": "2022-11-25T16:15:00", "modified": "2022-11-29T21:17:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44411", "reporter": "cve@mitre.org", "references": ["https://shimo.im/docs/5xkGMZx0ZeUmpx3X"], "cvelist": ["CVE-2022-44411"], "immutableFields": [], "lastseen": "2022-11-29T23:11:14", "viewCount": 12, "enchantments": {"score": {"value": 5.8, "vector": "NONE"}, "twitter": {"counter": 10, "tweets": [{"link": "https://twitter.com/CVEnew/status/1596183240972410880", "text": "CVE-2022-44411 Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack. https://t.co/2uYxpM9EKT", "author": "CVEnew", "author_photo": "https://pbs.twimg.com/profile_images/1447927972393111557/PQRMlVvZ_400x400.jpg"}, {"link": "https://twitter.com/www_sesin_at/status/1596190766099009536", "text": "New post from https://t.co/9KYxtdZjkl (CVE-2022-44411) has been published on https://t.co/5u9BFFWX5L", "author": "www_sesin_at", "author_photo": "https://pbs.twimg.com/profile_images/958100963822329858/fb_N8h5n_400x400.jpg"}, {"link": "https://twitter.com/WolfgangSesin/status/1596190764156993542", "text": "New post from https://t.co/uXvPWJy6tj (CVE-2022-44411) has been published on https://t.co/fDX1dbuz7S", "author": "WolfgangSesin", "author_photo": "https://pbs.twimg.com/profile_images/957011635369054208/Om3jbj7z_400x400.jpg"}, {"link": "https://twitter.com/hernanespinoza/status/1596189819557773315", "text": "CVEnew: CVE-2022-44411 Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack. https://t.co/nXb9alvoXY", "author": "hernanespinoza", "author_photo": "https://pbs.twimg.com/profile_images/1547685026636017665/VkgyrG2V_400x400.jpg"}, {"link": "https://twitter.com/threatintelctr/status/1596186163747860481", "text": " NEW: CVE-2022-44411 Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack. https://t.co/sV65HgjjhZ", "author": "threatintelctr", "author_photo": "https://pbs.twimg.com/profile_images/904224973987840000/dMy1x9Ho_400x400.jpg"}]}, "affected_software": {"major_version": [{"name": "web based quiz system project web based quiz system", "version": 1}]}, "vulnersScore": 5.8}, "_state": {"dependencies": 1669763543, "score": 1669763622, "twitter": 0, "affected_software_major_version": 1671611801}, "_internal": {"score_hash": "8c086dba1749377f585c0474a1504cd4"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:web_based_quiz_system_project:web_based_quiz_system:1.0"], "cpe23": ["cpe:2.3:a:web_based_quiz_system_project:web_based_quiz_system:1.0:*:*:*:*:*:*:*"], "cwe": ["CWE-319"], "affectedSoftware": [{"cpeName": "web_based_quiz_system_project:web_based_quiz_system", "version": "1.0", "operator": "eq", "name": "web based quiz system project web based quiz system"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:web_based_quiz_system_project:web_based_quiz_system:1.0:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://shimo.im/docs/5xkGMZx0ZeUmpx3X", "name": "https://shimo.im/docs/5xkGMZx0ZeUmpx3X", "refsource": "MISC", "tags": ["Exploit", "Mitigation", "Third Party Advisory"]}]}

{"cnvd": [{"lastseen": "2022-12-07T11:24:09", "description": "Web Based Quiz System is a web-based quiz system for janobe individual developers. version v1.0 of Web Based Quiz System is vulnerable to information disclosure, which can be exploited by attackers to obtain user passwords through brute force cracking.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-29T00:00:00", "type": "cnvd", "title": "Web Based Quiz System Information Disclosure Vulnerability", "bulletinFamily": "cnvd", "cvss2": {}, "cvelist": ["CVE-2022-44411"], "modified": "2022-12-07T00:00:00", "id": "CNVD-2022-85511", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-85511", "cvss": {"score": 0.0, "vector": "NONE"}}]}

CVE-2022-44411

Description

Affected Software

Related