Lucene search
GoogleOSV:CVE-2022-22110HistoryJan 05, 2022 - 3:15 p.m.
CVE-2022-22110
2022-01-0515:15:07
Google
osv.dev
3
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force usersβ passwords with minimal to no computational effort.
| CPE | Name | Operator | Version |
|---|---|---|---|
| daybydaycrm | eq | 1.1 | |
| daybydaycrm | eq | 1.3.1 | |
| daybydaycrm | eq | 1.1.1 | |
| daybydaycrm | eq | 1.2 | |
| daybydaycrm | eq | 1.3.4 | |
| daybydaycrm | eq | 1.1.6 | |
| daybydaycrm | eq | 1.3.3 | |
| daybydaycrm | eq | 1.1.2 | |
| daybydaycrm | eq | 1.3.5 | |
| daybydaycrm | eq | 1.1.5 |
Related
osv
osv
Weak Password Requirements in Daybyday CRM
2022-01-08 00:31:51
github
github
Weak Password Requirements in Daybyday CRM
2022-01-08 00:31:51
cvelist
cvelist
CVE-2022-22110 DayByDay CRM - Weak Password Requirements in Update User
2022-01-05 15:05:21
prion
prion
Default credentials
2022-01-05 15:15:00
nvd
nvd
CVE-2022-22110
2022-01-05 15:15:07
cnvd
cnvd
DayByDay CRM Information Disclosure Vulnerability (CNVD-2022-68550)
2022-01-06 00:00:00
cve
cve
CVE-2022-22110
2022-01-05 15:15:07