CVSS3: 9.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score: 6.7 Medium (Confidence: Low)
EPSS: 0.001 Low (Percentile: 26.1%)
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls compat_password_hash when users set their password. compat_password_hash uses password_hash if it is available, and otherwise falls back to md5. When verifying a password, Cacti calls compat_password_verify; in compat_password_verify, password_verify is called if it is available, and otherwise md5 is used. According to the PHP manual, password_verify and password_hash are supported on PHP < 5.5.0. The vulnerability is in compat_password_verify: the md5 hash of the user-supplied password is compared with the stored password hash from the database using $md5 == $hash. This is a loose comparison, not ===, so it is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue.
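The loose-comparison trap described above, shown as an added example that is not Cacti's code: a minimal model of the md5 fallback path in compat_password_verify, with the vulnerable shape beside a hardened one. The hash strings are constructed for the demonstration and are not real user data; the function names verify_loose, verify_strict and is_legacy_md5 are assumptions made for this example.

```php
<?php
// Added example, not Cacti's code: models the md5 fallback branch of
// compat_password_verify to show why "==" on hash strings is unsafe.

// Vulnerable shape: loose comparison of two hex digests. PHP treats strings
// that look like numbers (including scientific notation such as "0e123") as
// numeric and compares them by value, not by content.
function verify_loose(string $password, string $storedHash): bool {
    $md5 = md5($password);
    return $md5 == $storedHash;
}

// Hardened shape: strict, constant-time comparison of the two digests.
// hash_equals() returns false on any byte difference or length mismatch
// and does not perform numeric conversion.
function verify_strict(string $password, string $storedHash): bool {
    $md5 = md5($password);
    return hash_equals($storedHash, $md5);
}

// Migration check (assumed helper): a 32-character lowercase hex value is the
// legacy md5 format and should be re-hashed with password_hash() on next login.
function is_legacy_md5(string $storedHash): bool {
    return (bool) preg_match('/^[0-9a-f]{32}$/', $storedHash);
}

// Constructed digests: two different 32-character hex strings that PHP
// parses as numeric strings ("0e" followed by digits), both evaluating to 0.
$storedHash    = '0e' . str_repeat('1', 30);
$candidateHash = '0e' . str_repeat('2', 30);

// Loose comparison reports the two distinct strings as equal; the strict
// forms do not.
var_dump($storedHash == $candidateHash);
var_dump($storedHash === $candidateHash);
var_dump(hash_equals($storedHash, $candidateHash));

// The legacy-format check identifies entries that still need migration.
var_dump(is_legacy_md5($storedHash));
var_dump(is_legacy_md5(password_hash('example', PASSWORD_DEFAULT)));
```

The practical fix is not only to swap == for === on the md5 branch but to retire that branch: store password_hash() output, verify with password_verify(), and re-hash any entry that is_legacy_md5() flags the next time its owner authenticates successfully. hash_equals() is preferred over === because it also avoids timing differences in the comparison.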