WordPress Plugin Vulnerabilities

Passster < 3.5.5.5.2 - Insecure Storage of Password

Description

The plugin stores the password inside a cookie named "passster" using base64 encoding method which is easy to decode. This puts the password at risk in case the cookies get leaked.

Affects Plugins

Plugin icon
content-protector
Fixed in 3.5.5.5.2

References

CVE
CVE-2022-3206

Classification

Type
INSUFFICIENT CRYPTOGRAPHY
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-326
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Raad Haddad of Cloudyrion GmbH
Submitter
Raad Haddad of Cloudyrion GmbH
Submitter twitter
raadfhaddad
Verified
Yes
WPVDB ID
a8963750-62bf-403e-a906-94f371ed2a7a

Timeline

Publicly Published
2022-09-21 (about 1 years ago)
Added
2022-09-21 (about 1 years ago)
Last Updated
2022-09-21 (about 1 years ago)

Other

Published
Title
Published
2023-07-14
Title
All-In-One Security (AIOS) – Security and Firewall < 5.2.0 - Insecure Storage of Password
Published
2023-11-21
Title
UserPro < 5.1.2 - Insecure Password Reset Mechanism
Published
2023-10-20
Title
SALESmanago < 3.2.5 - Log Injection via Weak Authentication Token
Published
2023-06-02
Title
User Email Verification for WooCommerce <= 3.5.0 - Authentication bypass via weak token generation
Published
2022-03-16
Title
Download Manager < 3.2.39 - Unauthenticated brute force of files master key