THREATINT
PUBLISHED

CVE-2022-22789

Charactell - FormStorm Enterprise Account Take Over



Assigner: INCD
Reserved: 2022-01-07
Published: 2022-01-25
Updated: 2024-08-03

Description

Charactell - FormStorm Enterprise account takeover: an attacker can modify (add, remove and update) the password file for all users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. A malicious user can take over an account by replacing the existing password in the file.



MEDIUM: 6.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L)

Problem types

Account Take Over

Product status

FormStorm Enterprise version 9.00.065: affected

Credits

Michael Starchenko

References

https://www.gov.il/en/departments/faq/cve_advisories

cve.org CVE-2022-22789

nvd.nist.gov CVE-2022-22789
