Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistSNPSCVELIST:CVE-2023-2158
HistoryApr 27, 2023 - 5:04 p.m.

CVE-2023-2158 Impersonation through User-Controlled Token

2023-04-2717:04:22
CWE-321
SNPS
www.cve.org
impersonation
user-controlled token
code dx
vulnerability
cipher
cvss
attack

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.3%

JSON

Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user’s account by crafting a custom “Remember Me” token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A malicious actor who creates this token can supply it to a separate Code Dx system, provided they know the username they want to impersonate, and impersonate the user.  Score 6.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Code Dx",
    "vendor": "Synopsys",
    "versions": [
      {
        "lessThanOrEqual": "2023.4.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
nvd 1
cve 1
prion
prion
Hardcoded credentials
2023-04-27 18:15:00
nvd
nvd
CVE-2023-2158
2023-04-27 18:15:13
cve
cve
CVE-2023-2158
2023-04-27 18:15:13

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.3%

JSON
Related for CVELIST:CVE-2023-2158
prion1nvd1cve1