CVE-2022-22789 - Vulnerability Details - OpenCVE

Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00056.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Charactell

FormStorm Enterprise

affected

Version	Status	Constraints
`FormStorm Enterprise version 9.00.065 9.00.065`	affected	—

Configuration 1 [-]

cpe:2.3:a:charactell:formstorm:9.00.065:*:*:*:enterprise:*:*:*

No data.

No data.

Project Subscriptions

Vendors	Products
Charactell Subscribe	Formstorm Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2022-27932	Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file.

Fixes

Solution

A patch was released, Charactell - FormStorm Enterprise version 9.00.066

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.gov.il/en/departments/faq/cve_advisories

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: INCD

Published: 2022-01-25T19:11:08

Updated: 2024-08-03T03:21:49.165Z

Reserved: 2022-01-07T00:00:00

Link: CVE-2022-22789

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-01-25T20:15:08.953

Modified: 2024-11-21T06:47:27.307

Link: CVE-2022-22789

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-312

{"containers": {"cna": {"affected": [{"product": "FormStorm Enterprise", "vendor": "Charactell ", "versions": [{"status": "affected", "version": "FormStorm Enterprise version 9.00.065 9.00.065"}]}], "credits": [{"lang": "en", "value": "Michael Starchenko"}], "descriptions": [{"lang": "en", "value": "Charactell - FormStorm Enterprise Account takeover \u2013 An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Account Take Over", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-25T19:11:08", "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.gov.il/en/departments/faq/cve_advisories"}], "solutions": [{"lang": "en", "value": "A patch was released, Charactell - FormStorm Enterprise version 9.00.066"}], "source": {"advisory": "ILVN-2022-0010", "defect": ["ILVN-2022-0010"], "discovery": "EXTERNAL"}, "title": "Charactell - FormStorm Enterprise Account Take Over", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@cyber.gov.il", "ID": "CVE-2022-22789", "STATE": "PUBLIC", "TITLE": "Charactell - FormStorm Enterprise Account Take Over"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FormStorm Enterprise", "version": {"version_data": [{"version_name": "FormStorm Enterprise version 9.00.065", "version_value": "9.00.065"}]}}]}, "vendor_name": "Charactell "}]}}, "credit": [{"lang": "eng", "value": "Michael Starchenko"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Charactell - FormStorm Enterprise Account takeover \u2013 An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Account Take Over"}]}]}, "references": {"reference_data": [{"name": "https://www.gov.il/en/departments/faq/cve_advisories", "refsource": "MISC", "url": "https://www.gov.il/en/departments/faq/cve_advisories"}]}, "solution": [{"lang": "en", "value": "A patch was released, Charactell - FormStorm Enterprise version 9.00.066"}], "source": {"advisory": "ILVN-2022-0010", "defect": ["ILVN-2022-0010"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:21:49.165Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.gov.il/en/departments/faq/cve_advisories"}]}]}, "cveMetadata": {"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "assignerShortName": "INCD", "cveId": "CVE-2022-22789", "datePublished": "2022-01-25T19:11:08", "dateReserved": "2022-01-07T00:00:00", "dateUpdated": "2024-08-03T03:21:49.165Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:charactell:formstorm:9.00.065:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2969F303-4E6C-4481-9E8A-7A6386FDA210", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Charactell - FormStorm Enterprise Account takeover \u2013 An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file."}, {"lang": "es", "value": "Charactell - FormStorm Enterprise Account takeover - Un atacante puede modificar (a\u00f1adir, eliminar y actualizar) el archivo de contrase\u00f1as de todos los usuarios. El archivo xx_users.ini de la carpeta FormStorm contiene nombres de usuario en texto sin cifrar y una contrase\u00f1a ofuscada. Un usuario malicioso puede hacerse con una cuenta al sustituir la contrase\u00f1a existente en el archivo"}], "id": "CVE-2022-22789", "lastModified": "2024-11-21T06:47:27.307", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 4.7, "source": "cna@cyber.gov.il", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-25T20:15:08.953", "references": [{"source": "cna@cyber.gov.il", "tags": ["Third Party Advisory"], "url": "https://www.gov.il/en/departments/faq/cve_advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.gov.il/en/departments/faq/cve_advisories"}], "sourceIdentifier": "cna@cyber.gov.il", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}