GHSA-44w5-q257-8428

Source
https://github.com/advisories/GHSA-44w5-q257-8428
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-44w5-q257-8428/GHSA-44w5-q257-8428.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-44w5-q257-8428
Aliases
Published
2022-08-22T00:00:52Z
Modified
2023-11-08T04:09:10.574701Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Exposure of password hashes in notrinos/notrinos-erp
Details

The AP Officer role is authorized to back up and restore the database. A user holding that role can therefore download a backup and read the password hash of the System Administrator account. Because the password is stored as a weak hash (MD5), it can be cracked offline to recover the administrator's password, so a low-privileged user can escalate to full administrative control.
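The following is an added example and not code from NotrinosERP or from the advisory: it shows why an MD5 password hash sitting in a downloadable backup is as good as the password itself, and one way an application could strip such values from a backup before handing it to a non-administrator role. The table name, column layout, the dump excerpt and the wordlist are all constructed for illustration and are not the real NotrinosERP schema; the PBKDF2 contrast at the end is a generic mitigation, not the fix shipped in 0.7.

```python
"""
Constructed example (not NotrinosERP code): reading password hashes out of a
database backup, cracking an MD5 hash with a tiny dictionary, redacting the
hashes from the dump, and contrasting MD5 with a salted, iterated KDF.
"""
import hashlib
import hmac
import re
import secrets
from typing import Dict, Optional, Tuple

# Constructed backup excerpt. Table and columns are assumptions, not the real
# schema. The first hash is md5("password"), the second is md5("123").
BACKUP_EXCERPT = """\
-- Constructed dump excerpt (assumed table/columns, not the real schema)
INSERT INTO `0_users` (`id`, `user_id`, `password`, `real_name`, `role_id`) VALUES
(1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99', 'System Administrator', 2),
(2, 'ap_officer', '202cb962ac59075b964b07152d234b70', 'AP Officer', 9);
"""

# Constructed wordlist standing in for a real password dictionary.
WORDLIST = ["letmein", "123456", "password", "admin123", "qwerty"]

# A bare 32-hex-digit string literal is what an unsalted MD5 digest looks like in a dump.
MD5_LITERAL_RE = re.compile(r"'([0-9a-f]{32})'")
# (id, 'user_id', 'hash' ...) rows from the assumed INSERT layout above.
USER_ROW_RE = re.compile(r"\(\d+,\s*'([^']+)',\s*'([0-9a-f]{32})'")


def extract_hashes(dump: str) -> Dict[str, str]:
    """Map user_id -> MD5 digest for every user row found in the dump text."""
    return {user: digest for user, digest in USER_ROW_RE.findall(dump)}


def crack_md5(digest: str, wordlist) -> Optional[str]:
    """Dictionary attack: one cheap MD5 per guess; no salt, so no per-user work."""
    for guess in wordlist:
        if hashlib.md5(guess.encode()).hexdigest() == digest:
            return guess
    return None


def redact_hashes(dump: str) -> str:
    """Replace every MD5-looking literal so a backup given to a non-admin
    carries no credential material. (Coarse on purpose: a 32-hex literal in
    any column is redacted, which is the safe direction to err.)"""
    return MD5_LITERAL_RE.sub("'<redacted>'", dump)


def store_properly(password: str) -> Tuple[bytes, bytes]:
    """Contrast with MD5: random 16-byte salt plus 200k PBKDF2-HMAC-SHA256
    rounds, so each offline guess costs ~200k hash operations and
    precomputed tables are useless."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def verify_properly(password: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison of a recomputed PBKDF2 digest."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    for user, digest in extract_hashes(BACKUP_EXCERPT).items():
        print(f"{user}: {digest} -> {crack_md5(digest, WORDLIST)!r}")
    print(redact_hashes(BACKUP_EXCERPT))
    salt, stored = store_properly("password")
    print("pbkdf2 verify:", verify_properly("password", salt, stored))
```

Running it recovers the administrator's password from the constructed dump with five guesses, shows the same dump with the hashes removed, and verifies a PBKDF2-stored password. The real lesson is the combination: even a properly hashed backup should not be downloadable by a role that is not trusted with every credential in it, so restricting the backup privilege matters as much as the hash algorithm.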

Database specific
{
    "nvd_published_at": "2022-08-21T04:15:00Z",
    "github_reviewed_at": "2022-08-30T20:49:50Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-359"
    ]
}
References

Affected packages

Packagist / notrinos/notrinos-erp

Package

Name
notrinos/notrinos-erp
Purl
pkg:composer/notrinos/notrinos-erp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.7

Affected versions

0.*

0.6