Vulnerabilities > CVE-2022-45893 - Improper Restriction of Excessive Authentication Attempts vulnerability in Planetestream Planet Estream

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

planetestream

CWE-307

NVD

Published: 2022-12-25

Updated: 2023-01-04

Summary

Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. A brute-force attack can calculate a value that provides permanent access.

Vulnerable Configurations

Part	Description	Count
Application	Planetestream Planetestream Planet Estream -	1

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-planet-enterprises-ltd-planet-estream/