Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05NnY2LWhyd2ctcDM3OM0g6g
Weak Password Requirements in Daybyday CRM
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’ passwords with minimal to no computational effort.
Permalink: https://github.com/advisories/GHSA-96v6-hrwg-p378JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05NnY2LWhyd2ctcDM3OM0g6g
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-96v6-hrwg-p378, CVE-2022-22110
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-22110
- https://github.com/Bottelet/DaybydayCRM/commit/a0392f4a4a14e1e3fedaf6817aefce69b6bd661b
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22110
- https://github.com/advisories/GHSA-96v6-hrwg-p378
Blast Radius: 1.0
Affected Packages
packagist:bottelet/flarepoint
Dependent packages: 0Dependent repositories: 0
Downloads: 70 total
Affected Version Ranges: >= 1.1, < 2.2.1
Fixed in: 2.2.1
All affected versions: 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 2.0.0, 2.1.0, 2.2.0
All unaffected versions: 2.2.1