CVE-2018-1000812

20.12.2018, 15:29

Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 68%

Vendor	Product	Version
artica	integria_ims	𝑥 ≤ 5.0

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References

https://cp270.wordpress.com/2018/05/14/war-story-password-resets/

https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047

https://github.com/fleetcaptain/integria-takeover

https://cp270.wordpress.com/2018/05/14/war-story-password-resets/

https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047

https://github.com/fleetcaptain/integria-takeover