PT-2023-21157 · Directus · Directus

Erik Van Oosbree +1 · Published 2023-03-07 · Updated 2023-03-14 · CVE-2023-27481

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 9.16.0

Description: The issue allows users with read access to the password field in directus_users to extract argon2 password hashes by brute-forcing the export functionality combined with a "starts with" filter. This enables enumeration of password hashes. However, taking over accounts is unlikely with current hardware unless the hashes can be reversed.

Recommendations: For versions prior to 9.16.0, upgrade to version 9.16.0 or later to patch the issue. As a temporary workaround for users unable to upgrade, ensure that no user has read access to the password field in directus_users.
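The defect described above is a filter oracle: a field that is never returned in the response can still be probed one prefix at a time if the query layer lets a caller filter on it. The following added example (illustrative code written for this advisory, not Directus's own code) shows the class of check that closes that gap, namely rejecting any filter that references a field the requesting role cannot read, plus a small audit helper for the recommended workaround that lists every role able to read `password` in `directus_users`. The permission records, the field list and the `_and`/`_or`/`_starts_with` filter syntax are modelled after Directus's permission and filter shapes but are constructed for this example and are assumptions, not data from the page.

```python
"""Added example: authorization check for query filters and a permissions audit.

Illustrative code written for this advisory, not Directus's own implementation.
A permission record is modelled as a dict with role, collection, action and
fields; that shape and the sample data below are assumptions for the example.
"""

# Constructed permission records (not real Directus data).
PERMISSIONS = [
    {"role": "editor", "collection": "directus_users", "action": "read",
     "fields": ["id", "first_name", "email"]},
    {"role": "auditor", "collection": "directus_users", "action": "read",
     "fields": ["*"]},                      # wildcard read: includes password
    {"role": "editor", "collection": "articles", "action": "read",
     "fields": ["*"]},
]

# Constructed schema for the users collection used by the wildcard expansion.
ALL_USER_FIELDS = {"id", "first_name", "email", "password"}


def readable_fields(permissions, role, collection, all_fields):
    """Return the set of fields `role` may read in `collection`."""
    allowed = set()
    for p in permissions:
        if (p["role"] == role and p["collection"] == collection
                and p["action"] == "read"):
            if "*" in p["fields"]:
                allowed |= set(all_fields)
            else:
                allowed |= set(p["fields"])
    return allowed


def filter_fields(filt):
    """Collect every field name referenced anywhere in a filter tree.

    `_and` / `_or` wrap lists of sub-filters; any other key that does not start
    with an underscore is a field name whose value is an operator dict such as
    {"_starts_with": "..."}. Other logical operators are out of scope here.
    """
    fields = set()
    if isinstance(filt, dict):
        for key, value in filt.items():
            if key in ("_and", "_or"):
                for sub in value:
                    fields |= filter_fields(sub)
            elif key.startswith("_"):
                continue  # comparison operator (_eq, _starts_with, ...): no field
            else:
                fields.add(key)
    elif isinstance(filt, list):
        for sub in filt:
            fields |= filter_fields(sub)
    return fields


def validate_filter(filt, permissions, role, collection, all_fields):
    """Return the fields in `filt` that `role` may not read (empty = accept).

    Filtering on an unreadable field turns it into a yes/no oracle even though
    its value is never returned, so the request should be rejected when this
    set is non-empty.
    """
    allowed = readable_fields(permissions, role, collection, all_fields)
    return filter_fields(filt) - allowed


def roles_with_password_read(permissions, all_fields):
    """Audit for the advisory's workaround: roles that can read `password`."""
    roles = {p["role"] for p in permissions}
    return sorted(
        r for r in roles
        if "password" in readable_fields(permissions, r, "directus_users", all_fields)
    )


if __name__ == "__main__":
    # A filter that touches the password field through a prefix operator.
    probe = {"_and": [{"password": {"_starts_with": "$"}},
                      {"email": {"_eq": "user@example.test"}}]}
    print("editor disallowed fields:",
          validate_filter(probe, PERMISSIONS, "editor", "directus_users", ALL_USER_FIELDS))
    print("roles with password read:",
          roles_with_password_read(PERMISSIONS, ALL_USER_FIELDS))
```

Run as a script it reports that the `editor` role's filter is rejected because it references `password`, and that `auditor` still needs its wildcard read permission narrowed before the workaround is complete. The same validation must be applied to every entry point that accepts a filter (item listing, search and export alike), since the advisory's issue was reachable through export rather than the ordinary read endpoint.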

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2023-27481
GHSA-M5Q3-8WGF-X8XF

Affected Products

Directus