CVE-2022-37146

The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users configured to use PlexTrac as their authentication provider take significantly longer than those for invalid users, allowing for valid users to be enumerated by an unauthenticated remote attacker. Note that the lockout policy implemented in Plextrac version 1.17.0 makes it impossible to distinguish between valid, locked user accounts and user accounts that do not exist, but does not prevent valid, unlocked users from being enumerated.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://plextrac.com	Product
https://www.controlgap.com/blog/a-plextrac-story	Technical Description Third Party Advisory
http://plextrac.com	Product
https://www.controlgap.com/blog/a-plextrac-story	Technical Description Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:plextrac:plextrac:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:14

Type	Values Removed	Values Added
References	~~() http://plextrac.com - Product~~	() http://plextrac.com - Product
References	~~() https://www.controlgap.com/blog/a-plextrac-story - Technical Description, Third Party Advisory~~	() https://www.controlgap.com/blog/a-plextrac-story - Technical Description, Third Party Advisory

08 Aug 2023, 14:22

Type	Values Removed	Values Added
CWE	~~CWE-668~~	CWE-203

Information

Published : 2022-09-08 01:15

Updated : 2024-11-21 07:14

NVD link : CVE-2022-37146

Mitre link : CVE-2022-37146

CVE.ORG link : CVE-2022-37146

JSON object : View

Products Affected

plextrac

plextrac

CWE

CWE-203

Observable Discrepancy

{"id": "CVE-2022-37146", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-09-08T01:15:07.490", "references": [{"url": "http://plextrac.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.controlgap.com/blog/a-plextrac-story", "tags": ["Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://plextrac.com", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.controlgap.com/blog/a-plextrac-story", "tags": ["Technical Description", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users configured to use PlexTrac as their authentication provider take significantly longer than those for invalid users, allowing for valid users to be enumerated by an unauthenticated remote attacker. Note that the lockout policy implemented in Plextrac version 1.17.0 makes it impossible to distinguish between valid, locked user accounts and user accounts that do not exist, but does not prevent valid, unlocked users from being enumerated."}, {"lang": "es", "value": "La plataforma PlexTrac versiones anteriores a 1.28.0 permite la enumeraci\u00f3n de nombres de usuario por medio de tiempos de respuesta HTTP en intentos de inicio de sesi\u00f3n no v\u00e1lidos para usuarios configurados para usar el proveedor de autenticaci\u00f3n PlexTrac. Los intentos de inicio de sesi\u00f3n para usuarios desbloqueados v\u00e1lidos configurados para usar PlexTrac como su proveedor de autenticaci\u00f3n tardan mucho m\u00e1s que los de usuarios no v\u00e1lidos, lo que permite a un atacante remoto no autenticado enumerar a usuarios v\u00e1lidos. Tenga en cuenta que la pol\u00edtica de bloqueo implementada en Plextract versi\u00f3n 1.17.0 hace que sea imposible distinguir entre cuentas de usuario v\u00e1lidas bloqueadas y cuentas de usuario que no existen, pero no impide que se enumeren usuarios v\u00e1lidos desbloqueados"}], "lastModified": "2024-11-21T07:14:31.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:plextrac:plextrac:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0322295-011C-4161-8DCA-C44C413DC551", "versionEndExcluding": "1.28.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}