Lucene search
@huntrdevCVELIST:CVE-2022-2822HistoryAug 15, 2022 - 10:30 a.m.
CVE-2022-2822 Authentication Bypass by Primary Weakness in octoprint/octoprint
2022-08-1510:30:17
CWE-307
@huntrdev
www.cve.org
1
cve-2022-2822
brute force
password guessing
administrative accounts
CVSS3
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
51.0%
An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.
CNA Affected
[
{
"product": "octoprint/octoprint",
"vendor": "octoprint",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
osv
osv
CVE-2022-2822
2022-08-15 11:21:32
OctoPrint does not have rate limiting on the login page
2022-08-16 00:00:31
veracode
veracode
Privilege Escalation
2022-08-16 05:38:36
github
github
OctoPrint does not have rate limiting on the login page
2022-08-16 00:00:31
nvd
nvd
CVE-2022-2822
2022-08-15 11:21:32
cve
cve
CVE-2022-2822
2022-08-15 11:21:32
prion
prion
Default credentials
2022-08-15 11:21:00
huntr
huntr
No rate limit on main Login page lead to account takeover
2022-08-12 20:03:31
CVSS3
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
51.0%
Related for CVELIST:CVE-2022-2822