Lucene search
HistoryAug 15, 2022 - 11:21 a.m.
CVE-2022-2822
brute force
username password
account takeover
access
administrative accounts
cve-2022-2822
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
51.0%
An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.
Affected configurations
Node
octoprintoctoprintRange<1.9.0
Related
osv
osv
CVE-2022-2822
2022-08-15 11:21:32
OctoPrint does not have rate limiting on the login page
2022-08-16 00:00:31
veracode
veracode
Privilege Escalation
2022-08-16 05:38:36
github
github
OctoPrint does not have rate limiting on the login page
2022-08-16 00:00:31
cvelist
cvelist
cve
cve
CVE-2022-2822
2022-08-15 11:21:32
prion
prion
Default credentials
2022-08-15 11:21:00
huntr
huntr
No rate limit on main Login page lead to account takeover
2022-08-12 20:03:31
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
51.0%
Related for NVD:CVE-2022-2822