CVE-2017-11717 - OpenCVE

MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Metinfo Project	Metinfo

Configuration 1 [-]

cpe:2.3:a:metinfo_project:metinfo:*:*:*:*:*:*:*:*

References

Link	Resource
https://lncken.cn/?p=343	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-28T05:00:00

Updated: 2017-07-28T04:57:01

Reserved: 2017-07-27T00:00:00

Link: CVE-2017-11717

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-07-28T05:29:00.933

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-11717

JSON object: View

Redhat Information

No data.

CWE

CWE-290

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:metinfo_project:metinfo:*:*:*:*:*:*:*:*", "matchCriteriaId": "8205EF34-EC30-4AB3-B13D-FAA94FEE4053", "versionEndIncluding": "5.3.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page."}, {"lang": "es", "value": "En MetInfo hasta la versi\u00f3n 5.3.17 acepta la misma respuesta CAPTCHA por 120 segundos, lo que hace m\u00e1s f\u00e1cil para los atacantes remotos omitir los requisitos de desaf\u00edo previstos al modificar el flujo de datos hacia el servidor cliente, como es demostrado por la p\u00e1gina de login/findpass."}], "id": "CVE-2017-11717", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-28T05:29:00.933", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lncken.cn/?p=343"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "nvd@nist.gov", "type": "Primary"}]}