
An issue in Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.


njmbb8/CVE-2024-42850


CVE-2024-42850

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.

Writeup

Logging in with a single character password

When a user changes their password, the new password is first sent in a POST request to an endpoint that checks whether it complies with the complexity requirements.

Request to check conformity

After Silverpeas has confirmed that the password meets the requirements, a separate POST request is made to update the account with the password. This second request performs no checks, so it is possible to set a single-character password.

Request to update account

Account update confirmation
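The root cause is that the policy is enforced only in the advisory check request and not in the request that changes state. The sketch below is an added example, not Silverpeas code or code from this repository; the policy rules, class name and method names are hypothetical. It contrasts an update handler that trusts the earlier check with one that re-validates on its own.

```python
import hashlib
import os
import re

MIN_LENGTH = 8  # hypothetical policy value; the real Silverpeas rules are not shown on the page


def policy_violations(password: str) -> list[str]:
    """Return the complexity rules the password breaks (empty list = compliant)."""
    rules = [
        (len(password) >= MIN_LENGTH, f"at least {MIN_LENGTH} characters"),
        (re.search(r"[a-z]", password), "a lowercase letter"),
        (re.search(r"[A-Z]", password), "an uppercase letter"),
        (re.search(r"\d", password), "a digit"),
    ]
    return [message for ok, message in rules if not ok]


def hash_password(password: str) -> bytes:
    """Salted PBKDF2 hash so the example never stores a plaintext password."""
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


class AccountService:
    """Hypothetical stand-in for the two server endpoints in the writeup."""

    def __init__(self) -> None:
        self.accounts: dict[str, bytes] = {}  # user -> salted hash

    def check_endpoint(self, password: str) -> dict:
        """First request: advisory feedback for the form, changes nothing."""
        return {"compliant": not policy_violations(password)}

    def update_vulnerable(self, user: str, password: str) -> int:
        """Second request as described: assumes the check already happened."""
        self.accounts[user] = hash_password(password)
        return 200

    def update_hardened(self, user: str, password: str) -> int:
        """Second request, fixed: the same policy runs inside the update itself."""
        if policy_violations(password):
            return 400  # rejected regardless of what the client did beforehand
        self.accounts[user] = hash_password(password)
        return 200
```

Keeping a single `policy_violations` function behind both endpoints means the advisory check and the enforced check cannot drift apart.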
