CVE-2024-5657 - OpenCVE

The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Born05	Two-factor Authentication

Configuration 1 [-]

cpe:2.3:a:born05:two-factor_authentication:*:*:*:*:*:craftcms:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2024/06/06/1	Exploit Mailing List Third Party Advisory
https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4	Release Notes
https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-01_CraftCMS_Plugin_Two-Factor_Authentication_Password_Hash_Disclosure	Exploit Third Party Advisory
https://plugins.craftcms.com/two-factor-authentication?craft4	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: sba-research

Published: 2024-06-06T10:29:40.393Z

Updated: 2024-06-06T10:29:40.393Z

Reserved: 2024-06-05T16:36:00.302Z

Link: CVE-2024-5657

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-06-06T11:15:49.277

Modified: 2024-06-11T17:40:47.823

Link: CVE-2024-5657

JSON object: View

Redhat Information

No data.

CWE

CWE-522

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-5657", "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "state": "PUBLISHED", "assignerShortName": "sba-research", "dateReserved": "2024-06-05T16:36:00.302Z", "datePublished": "2024-06-06T10:29:40.393Z", "dateUpdated": "2024-06-06T10:29:40.393Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CraftCMS Plugin - Two-Factor Authentication", "repo": "https://github.com/born05/craft-twofactorauthentication", "vendor": "Born05", "versions": [{"lessThanOrEqual": "3.3.3", "status": "affected", "version": "3.3.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Fabian Funder (SBA Research)"}, {"lang": "en", "type": "finder", "value": "Jakob Pachmann (SBA Research)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div>The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.</div></div>"}], "value": "The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "shortName": "sba-research", "dateUpdated": "2024-06-06T10:29:40.393Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-01_CraftCMS_Plugin_Two-Factor_Authentication_Password_Hash_Disclosure"}, {"tags": ["product"], "url": "https://plugins.craftcms.com/two-factor-authentication?craft4"}, {"tags": ["release-notes"], "url": "https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4"}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/06/1"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to version 3.3.4 or later."}], "value": "Update to version 3.3.4 or later."}], "source": {"discovery": "UNKNOWN"}, "title": "CraftCMS Plugin - Two-Factor Authentication - Password Hash Disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-06T15:45:33.517016Z", "id": "CVE-2024-5657", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T15:45:58.497Z"}}]}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:born05:two-factor_authentication:*:*:*:*:*:craftcms:*:*", "matchCriteriaId": "D650F748-210A-4894-BEAD-3EA2D7DDACE2", "versionEndExcluding": "3.3.4", "versionStartIncluding": "3.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP."}, {"lang": "es", "value": "El complemento CraftCMS Autenticaci\u00f3n de dos factores en las versiones 3.3.1, 3.3.2 y 3.3.3 revela el hash de contrase\u00f1a del usuario actualmente autenticado despu\u00e9s de enviar un TOTP v\u00e1lido."}], "id": "CVE-2024-5657", "lastModified": "2024-06-11T17:40:47.823", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "type": "Secondary"}]}, "published": "2024-06-06T11:15:49.277", "references": [{"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/06/06/1"}, {"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "tags": ["Release Notes"], "url": "https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4"}, {"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-01_CraftCMS_Plugin_Two-Factor_Authentication_Password_Hash_Disclosure"}, {"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "tags": ["Product"], "url": "https://plugins.craftcms.com/two-factor-authentication?craft4"}], "sourceIdentifier": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "type": "Secondary"}]}