PT-2022-27672 · Unknown · Planet Estream
Hrvoje Filakovic
+2
·
Published
2022-12-25
·
Updated
2023-01-04
·
CVE-2022-45893
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Planet eStream versions prior to 6.72.10.07
Description
The issue allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the
ON cookie. A brute-force attack can calculate a value that provides permanent access.Recommendations
For versions prior to 6.72.10.07, update to version 6.72.10.07 or later to resolve the issue. As a temporary workaround, consider restricting access to the
ON cookie to minimize the risk of exploitation.Exploit
Fix
Improper Restriction of Excessive Authentication Attempts
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Planet Estream