Dreamer CMS <4.1.3: Remote DoS via Password Hash Calc
CVE-2023-2473 Published on May 2, 2023
Dreamer CMS Password Hash Calculation UserController.java updatePwd algorithmic complexity
A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227860.
Vulnerability Analysis
CVE-2023-2473 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Timeline
Advisory disclosed
CVE reserved
VulDB entry created
VulDB entry last update 22 days later.
Weakness Type
Inefficient Algorithmic Complexity
An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.
Products Associated with CVE-2023-2473
stack.watch emails you whenever new vulnerabilities are published in Dreamercmsproject Dreamer Cms or Iteachyou Dreamer Cms. Just hit a watch button to start following.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.