PT-2023-29038 · Emsigner · Emsigner
Jean Paul Granados
·
Published
2023-11-13
·
Updated
2024-09-03
·
CVE-2023-43901
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
EMSigner version 2.8.7
Description
The issue is related to incorrect access control in the AdHoc User creation form, allowing unauthenticated attackers to modify usernames and privileges using the email address of a registered user.
Recommendations
For EMSigner version 2.8.7, consider restricting access to the AdHoc User creation form until a patch is available. As a temporary workaround, limit the ability to modify usernames and privileges to authenticated and authorized users only.
Exploit
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Emsigner