Vulnerability CVE-2014-5385


Published: 2014-08-21   Modified: 2014-08-22

Description:
com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess passwords via a brute force attack.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Shopizer -> Shopizer 

 References:
http://seclists.org/fulldisclosure/2014/Jul/38
http://www.securityfocus.com/archive/1/532726/100/0/threaded

Copyright 2024, cxsecurity.com

 

Back to Top