PT-2018-3765 · Dnn · Dnn

Publicado

2018-10-01

Atualizado

2023-03-03

CVE-2018-18325

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions DNN (aka DotNetNuke) versions 9.2 through 9.2.2

Description The issue is related to the use of a weak encryption algorithm to protect input parameters, which could allow a remote attacker to gain unauthorized access to protected information. This problem exists due to an incomplete fix for a previous issue.

Recommendations For DNN (aka DotNetNuke) versions 9.2 through 9.2.2, consider updating to a version that uses a stronger encryption algorithm to protect input parameters. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Inadequate Encryption Strength

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-326

Identificadores relacionados

BDU:2021-05679

CVE-2018-18325

GHSA-J3G9-6FX5-GJV7

Produtos afetados

Dnn

PT-2018-3765 · Dnn · Dnn

CVE-2018-18325

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12