CVE-2023-3222: Multiple Vulnerabilities in Roundcube Password Recovery Plugin | INCIBE-CERT
Vulnerability in the password recovery mechanism of the Password Recovery plugin for Roundcube, version 1.2, which could allow a remote attacker to change an existing user's password by supplying the 6-digit numeric recovery token. Because the platform places no limit on the number of requests, an attacker could write an automated script that tries every possible token value.
Affected Resources
Roundcube Password Recovery Plugin, 1.2 version
Description
INCIBE has coordinated the publication of 2 vulnerabilities in the password recovery plugin for Roundcube, which have been discovered by Pedro José Navas Pérez of Hispasec.
These vulnerabilities have been assigned the following codes, CVSS v3.1 base score, CVSS vector string and the CWE vulnerability type of each vulnerability:
- CVE-2023-3221: CVSS v3.1 base score: 5.3 | CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | CWE-204.
- CVE-2023-3222: CVSS v3.1 base score: 7.5 | CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | CWE-640.
Solution
There is no reported solution at this time.
Detail
CVE-2023-3221: user enumeration vulnerability, which could allow a remote attacker to run a test script against the password recovery function and enumerate all users in the database, since the response differs depending on whether the user exists.
CVE-2023-3222: vulnerability in the password recovery mechanism, which could allow a remote attacker to change an existing user's password by supplying the 6-digit numeric recovery token. Because the platform places no limit on the number of requests, an attacker could write an automated script that tries every possible token value.
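As an added illustration (not the plugin's or Roundcube's own code), the following Python sketch shows a recovery-token check that closes both gaps described above: the reset endpoint returns the same reply whether or not the user exists (CWE-204), and each issued 6-digit token gets a short lifetime and a small guess budget so it cannot be tried exhaustively (CWE-640). `RecoveryStore`, `MAX_ATTEMPTS` and `TOKEN_TTL_SECONDS` are assumed names and policy values, not anything from the advisory.

```python
"""Hardened recovery-token handling (illustrative, assumed design)."""
import hmac
import secrets
import time

MAX_ATTEMPTS = 5              # guesses allowed per issued token (assumed policy)
TOKEN_TTL_SECONDS = 15 * 60   # token lifetime in seconds (assumed policy)
GENERIC_REPLY = "If the account exists, a recovery code has been sent."


class RecoveryStore:
    """Tracks outstanding recovery tokens; `now` is injectable for testing."""

    def __init__(self, known_users, now=time.time):
        self._users = set(known_users)
        self._now = now
        # user -> {"token": str, "expires": float, "attempts": int}
        self._tokens = {}

    def request_reset(self, user):
        """Issue a token for real users only, but answer identically for everyone."""
        if user in self._users:
            self._tokens[user] = {
                # 6-digit numeric code, as in the plugin, but bounded by TTL and attempts
                "token": f"{secrets.randbelow(10**6):06d}",
                "expires": self._now() + TOKEN_TTL_SECONDS,
                "attempts": 0,
            }
        return GENERIC_REPLY  # same text and shape regardless of user existence

    def verify(self, user, candidate):
        """True only for a live, unexhausted, matching token; the token is single-use."""
        entry = self._tokens.get(user)
        if entry is None or self._now() > entry["expires"]:
            self._tokens.pop(user, None)   # expired tokens are discarded
            return False
        entry["attempts"] += 1
        if entry["attempts"] > MAX_ATTEMPTS:
            self._tokens.pop(user, None)   # burn the token after too many guesses
            return False
        # constant-time comparison so timing does not leak partial matches
        if hmac.compare_digest(entry["token"], str(candidate)):
            self._tokens.pop(user, None)   # single use: consumed on success
            return True
        return False
```

With this scheme the attacker's expected success chance per issued token is MAX_ATTEMPTS / 1,000,000, and the user must request a new token (a visible, loggable event) for each further batch of guesses.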