CVE-2018-11554 - OpenCVE

The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Yzmcms	Yzmcms

Configuration 1 [-]

cpe:2.3:a:yzmcms:yzmcms:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/littleheary/-YzmCMS-User-Traversal-Vulnerability/blob/master/README.md	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-06-05T11:00:00

Updated: 2018-06-05T10:57:01

Reserved: 2018-05-29T00:00:00

Link: CVE-2018-11554

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-06-05T11:29:00.243

Modified: 2018-07-31T19:40:35.207

Link: CVE-2018-11554

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-06-05T00:00:00", "descriptions": [{"lang": "en", "value": "The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-05T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/littleheary/-YzmCMS-User-Traversal-Vulnerability/blob/master/README.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-11554", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/littleheary/-YzmCMS-User-Traversal-Vulnerability/blob/master/README.md", "refsource": "MISC", "url": "https://github.com/littleheary/-YzmCMS-User-Traversal-Vulnerability/blob/master/README.md"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-11554", "datePublished": "2018-06-05T11:00:00", "dateReserved": "2018-05-29T00:00:00", "dateUpdated": "2018-06-05T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yzmcms:yzmcms:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C3C1618-180F-4D02-9C23-09FF75FC3F33", "versionEndIncluding": "3.7", "versionStartIncluding": "3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach."}, {"lang": "es", "value": "La funcionalidad de contrase\u00f1a olvidada en index.php/member/reset/reset_email.html en YzmCMS, de la versi\u00f3n v3.2 hasta la v3.7 tiene un problema de exposici\u00f3n de informaci\u00f3n por discrepancia en la respuesta y un tiempo de vida inesperadamente largo para un c\u00f3digo de verificaci\u00f3n. Esto hace que a los atacantes remotos les sea m\u00e1s sencillo secuestrar cuentas mediante un enfoque de fuerza bruta."}], "id": "CVE-2018-11554", "lastModified": "2018-07-31T19:40:35.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-05T11:29:00.243", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/littleheary/-YzmCMS-User-Traversal-Vulnerability/blob/master/README.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}