Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbFrancesco CarlucciWPVDB-ID:7920C1C1-709D-4B1F-AC08-F0A02DDB329C
HistoryNov 10, 2022 - 12:00 a.m.

Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure

2022-11-1000:00:00
Francesco Carlucci
wpscan.com
7
clerk plugin
version 4.0.0
authentication bypass
api keys
time-based attacks
comparison operators
poc
postman get call
security vulnerability
software

EPSS

0.002

Percentile

57.9%

JSON

The plugin is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options.

PoC

- Install the plugin and set the API creds to: - Key: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa - Private Key: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa - Set up a postman GET call to http:///wp-json/clerk/getconfig?key=1&private;_key=2 - Set up a postman GET call to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaab - Run multiple times to get a faster response (on average) on the first request, which fails sooner.

Related

nvd 1
prion 1
wpexploit 1
patchstack 1
cve 1
cvelist 1
nvd
nvd
CVE-2022-3907
2022-12-05 17:15:10
prion
prion
Cross site scripting
2022-12-05 17:15:00
wpexploit
wpexploit
Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure
2022-11-10 00:00:00
patchstack
patchstack
WordPress Clerk plugin <= 3.8.2 - Auth. Bypass and API Keys Disclosure vulnerability
2022-11-10 00:00:00
cve
cve
CVE-2022-3907
2022-12-05 17:15:10
cvelist
cvelist
CVE-2022-3907 Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure
2022-12-05 16:50:39

EPSS

0.002

Percentile

57.9%

JSON
Related for WPVDB-ID:7920C1C1-709D-4B1F-AC08-F0A02DDB329C
nvd1prion1wpexploit1patchstack1cve1cvelist1