CVE-2017-16946

Name of the Vulnerable Software and Affected Versions MISP version 2.4.82

Description The issue concerns the admin edit function in the UsersController.php file, which improperly handles the enable password field. This mishandling allows administrators to obtain a hashed password by reading the audit log.

Recommendations For MISP version 2.4.82, consider restricting access to the audit log to prevent administrators from discovering hashed passwords until a fix is available. Additionally, review the admin edit function in app/Controller/UsersController.php to ensure proper handling of the enable password field. At the moment, there is no information about a newer version that contains a fix for this vulnerability.