CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence: Low
EPSS Percentile: 25.9%
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls compat_password_hash when users set their password. compat_password_hash uses password_hash if it is available, and otherwise falls back to md5. When verifying a password, Cacti calls compat_password_verify. In compat_password_verify, password_verify is called if it is available, and otherwise md5 is used. password_verify and password_hash are supported on PHP < 5.5.0, following the PHP manual. The vulnerability is in compat_password_verify: the md5 hash of the user input is compared with the correct password hash from the database using $md5 == $hash. This is a loose comparison, not ===, so it is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue.
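As an added illustration (not Cacti's own code), the following simplified stand-in for the md5 fallback path of compat_password_verify shows why the loose comparison is unsafe and what a hardened check looks like. The function names weak_verify and safe_verify are hypothetical, and the "0e..." strings are constructed values, not real md5 digests.

```php
<?php
// Vulnerable shape (mirrors the defect described above): the md5 digest of
// the submitted password is compared to the stored hash with ==.
// PHP compares two numeric-looking strings numerically, so two different
// digests of the form "0e<digits>" are both treated as the number 0 and
// the comparison succeeds even though the strings differ.
function weak_verify(string $password, string $storedHash): bool {
    $md5 = md5($password);
    return $md5 == $storedHash;   // loose comparison: the type juggling bug
}

// Hardened shape: a strict, timing-safe byte comparison for legacy md5
// entries, and password_verify() for entries produced by password_hash().
function safe_verify(string $password, string $storedHash): bool {
    // password_hash() output is self-describing and starts with '$'
    // (e.g. "$2y$..."), so route those entries to password_verify().
    if ($storedHash !== '' && $storedHash[0] === '$') {
        return password_verify($password, $storedHash);
    }
    // Legacy md5 entry: hash_equals() is a constant-time, strict (===)
    // comparison, so numeric-looking strings are never coerced.
    return hash_equals($storedHash, md5($password));
}

// Demonstration with constructed values: under == the two "0e" strings
// are considered equal (both coerce to 0); hash_equals() rejects them.
function loose_collision_demo(): array {
    return [
        'loose'  => ("0e111" == "0e222"),
        'strict' => hash_equals("0e111", "0e222"),
    ];
}

// Both checks still accept the genuine password for a real md5 entry,
// so the hardened version is a drop-in replacement for the legacy path.
function genuine_password_demo(): array {
    $stored = md5("correct horse");
    return [
        'weak' => weak_verify("correct horse", $stored),
        'safe' => safe_verify("correct horse", $stored),
    ];
}

var_dump(loose_collision_demo());
var_dump(genuine_password_demo());
```

A practical mitigation beyond the comparison fix is to rehash legacy md5 entries with password_hash on the user's next successful login so the md5 path disappears entirely.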