Lucene search
Veracode Vulnerability DatabaseVERACODE:36787HistoryAug 22, 2022 - 4:57 p.m.
Unauthorized Password Change
2022-08-2216:57:07
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
octoprint
unauthenticated
password
vulnerability
api
user cookie
EPSS
0.001
Percentile
17.8%
Octoprint does not prevent unauthenticated password changes. The vulnerability is due to the API not requiring the previous user password during the reset. An attacker with access to the user cookie can reset the password without knowledge of the current password.
References
github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f
github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f#diff-dc31d985e0a9b21d4aac0690f739ac664c1c8619b22fc7591ff4663c89993758
huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477
huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477/
Related
github
github
Unverified Password Change in OctoPrint
2022-08-23 00:00:19
osv
osv
CVE-2022-2930
2022-08-22 12:15:09
Unverified Password Change in OctoPrint
2022-08-23 00:00:19
prion
prion
Default credentials
2022-08-22 12:15:00
huntr
huntr
Weak Password Change Mechanism
2022-08-20 23:57:33
cvelist
cvelist
CVE-2022-2930 Unverified Password Change in octoprint/octoprint
2022-08-22 11:35:11
nvd
nvd
CVE-2022-2930
2022-08-22 12:15:09
cve
cve
CVE-2022-2930
2022-08-22 12:15:09