Описание
Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:charactell:formstorm:9.00.065:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 18%
0.00056
Низкий
6.1 Medium
CVSS3
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-312
Связанные уязвимости
github
около 4 лет назад
Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file.
EPSS
Процентиль: 18%
0.00056
Низкий
6.1 Medium
CVSS3
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-312