WordPress Plugin Vulnerabilities

Passster < 3.5.5.5.2 - Insecure Storage of Password

Description

The plugin stores the password inside a cookie named "passster" using base64 encoding method which is easy to decode. This puts the password at risk in case the cookies get leaked.

Affects Plugins

content-protector

Fixed in version 3.5.5.5.2

References

CVE

CVE-2022-3206

Classification

Type

INSUFFICIENT CRYPTOGRAPHY

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-326

Miscellaneous

Original Researcher

Raad Haddad of Cloudyrion GmbH

Submitter

Raad Haddad of Cloudyrion GmbH

Submitter twitter

raadfhaddad

Verified

Yes

WPVDB ID

a8963750-62bf-403e-a906-94f371ed2a7a

Timeline

Publicly Published

2022-09-21 (about 6 months ago)

Added

2022-09-21 (about 6 months ago)

Last Updated

2022-09-21 (about 6 months ago)

Our Other Services

WPScan WordPress Security Plugin