CVE-2022-3206Cleartext Transmission of Sensitive Info in Project Passster

CWE-319Cleartext Transmission of Sensitive InfoCWE-522Insufficiently Protected CredentialsCWE-326Inadequate Encryption Strength3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.2%
top 56.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Passster Project Passster
Timeline
PublishedOct 17

Description

The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named "passster" using base64 encoding method which is easy to decode. This puts the password at risk in case the cookies get leaked.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

NVDpassster_project/passster< 3.5.5.5.2

🔴Vulnerability Details

2
GHSA
GHSA-7j63-969g-r2jp: The Passster WordPress plugin before 32022-10-17
CVEList
Passster < 3.5.5.5.2 - Insecure Storage of Password2022-10-17
CVE-2022-3206 — Passster Project Passster vulnerability | cvebase