#VU63674 Weak password requirements in Trudesk


Published: 2022-05-25

Vulnerability identifier: #VU63674

Vulnerability risk: Low

CVSSv3.1: 5.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1775

CWE-ID: CWE-521

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Trudesk
Web applications / Modules and components for CMS

Vendor: Chris Brame

Description

The vulnerability allows a remote user to perform brute-force attack and guess the password.

The vulnerability exists due to weak password requirements. A remote administrator can perform a brute-force attack and guess users' passwords.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Trudesk: 0.1.2 - 1.2.1

External links
http://huntr.dev/bounties/0966043c-602f-463e-a6e5-9a1745f4fbfa
http://github.com/polonel/trudesk/commit/13dd6c61fc85fa773b4065f075fceda563129c53

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Weak password requirements in Trudesk