CVE-2024-34340 - OpenCVE

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. `password_verify` and `password_hash` are supported on PHP < 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. Md5-hashed user input is compared with correct password in database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-05-13T15:26:32.364Z

Updated: 2024-05-13T15:26:32.364Z

Reserved: 2024-05-02T06:36:32.436Z

Link: CVE-2024-34340

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-05-14T15:38:39.517

Modified: 2024-06-10T17:16:28.827

Link: CVE-2024-34340

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-34340", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-05-02T06:36:32.436Z", "datePublished": "2024-05-13T15:26:32.364Z", "dateUpdated": "2024-05-13T15:26:32.364Z"}, "containers": {"cna": {"title": "Authentication Bypass when using using older password hashes", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "lang": "en", "description": "CWE-287: Improper Authentication", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-697", "lang": "en", "description": "CWE-697: Incorrect Comparison", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"}], "affected": [{"vendor": "Cacti", "product": "cacti", "versions": [{"version": "< 1.2.27", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-13T15:26:32.364Z"}, "descriptions": [{"lang": "en", "value": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. `password_verify` and `password_hash` are supported on PHP < 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. Md5-hashed user input is compared with correct password in database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue."}], "source": {"advisory": "GHSA-37x7-mfjv-mm7m", "discovery": "UNKNOWN"}}}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. `password_verify` and `password_hash` are supported on PHP < 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. Md5-hashed user input is compared with correct password in database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue."}, {"lang": "es", "value": "Cacti proporciona un framework de monitoreo operativo y gesti\u00f3n de fallas. Antes de la versi\u00f3n 1.2.27, Cacti llama a `compat_password_hash` cuando los usuarios establecen su contrase\u00f1a. `compat_password_hash` usa `password_hash` si lo hay, de lo contrario usa `md5`. Al verificar la contrase\u00f1a, llama a `compat_password_verify`. En `compat_password_verify`, se llama a `password_verify` si existe; de lo contrario, use `md5`. `password_verify` y `password_hash` son compatibles con PHP < 5.5.0, siguiendo el manual de PHP. La vulnerabilidad est\u00e1 en `compat_password_verify`. La entrada del usuario con hash Md5 se compara con la contrase\u00f1a correcta en la base de datos mediante `$md5 == $hash`. Es una comparaci\u00f3n vaga, no `===`. Es un tipo de vulnerabilidad que hace malabarismos. La versi\u00f3n 1.2.27 contiene un parche para el problema."}], "id": "CVE-2024-34340", "lastModified": "2024-06-10T17:16:28.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-05-14T15:38:39.517", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-697"}], "source": "security-advisories@github.com", "type": "Secondary"}]}