Skip to content
/ CVE-2024-42850 Public

An issue in Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

njmbb8/CVE-2024-42850

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
badpw.PNG
badpw.PNG
 
 
confirmation.PNG
confirmation.PNG
 
 
login.PNG
login.PNG
 
 
password_check.PNG
password_check.PNG
 
 

Repository files navigation

CVE-2024-42850

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.

Writeup

Logging in with a single character password

When changing your password, upon submission of the new password, the password is first sent in a POST request to an endpoint which checks to ensure that the password is in compliance with complexity requirements.

Request to check conformity

After Silverpeas has confirmed that the password meets the requirements, a separate POST request is made to update the account with the password with no checks, leading to a possibility of setting a single character password.

Request to update account

Account update confirmation

About

An issue in Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published