CVE-2024-9305

Weak Password Recovery Mechanism for Forgotten Password (CWE-640)

Published: Oct 16, 2024 / Updated: 35d ago

CVSS 8.1 | EPSS 0.06% | Severity: High

Summary

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This vulnerability is due to insufficient controls in the appp_reset_password() and validate_reset_password() functions, which fail to prevent successful brute force attacks on the OTP used for password changes. Additionally, these functions do not properly verify if a password reset request originated from an authorized user.

Impact

This vulnerability allows unauthenticated attackers to generate and brute force an OTP, enabling them to change any user's password, including administrators. This can lead to complete account takeover and unauthorized access to the WordPress site with elevated privileges. The potential impacts include:

1. Unauthorized access to sensitive information
2. Modification or deletion of website content
3. Installation of malicious plugins or themes
4. Potential lateral movement to other connected systems
5. Reputational damage to the organization

Given the high impact on confidentiality, integrity, and availability, this vulnerability is considered severe and should be prioritized for patching.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is not explicitly mentioned in the provided information. However, since the vulnerability affects all versions up to and including 4.4.4 of the AppPresser – Mobile App Framework plugin for WordPress, a fixed release newer than 4.4.4 is likely available or forthcoming. The security team should check for plugin updates and apply them as soon as they become available.

Mitigation

While waiting for a patch, consider the following mitigation strategies:

1. Temporarily disable the AppPresser – Mobile App Framework plugin if it is not critical for operations.
2. Implement additional security layers, such as a Web Application Firewall (WAF), to detect and block potential brute force attempts.
3. Monitor and log all password reset attempts, setting up alerts for suspicious activity.
4. Implement IP-based rate limiting for password reset requests.
5. Educate users about the importance of strong, unique passwords and enable two-factor authentication where possible.
6. Regularly audit user accounts and access privileges, removing unnecessary administrative access.
7. Keep WordPress core, themes, and other plugins up to date to minimize the overall attack surface.
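As an added illustration of mitigation items 3 and 4 above (this is example code written for this page, not code from the advisory, from Feedly, or from the AppPresser project), the following Python detector reads web-server access log lines and flags any client that hits the password-reset/OTP route more than a threshold number of times inside a sliding time window. The route `/wp-json/example-reset/v1/verify`, the client addresses and the log lines are constructed placeholders; the plugin's real route is not named on this page. It assumes combined-format logs that arrive in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical placeholder for the plugin's password-reset/OTP route; the real
# AppPresser route is not given on the advisory page.
RESET_PATH = "/wp-json/example-reset/v1/verify"

# Constructed sample lines in combined web-server log format: one client sends
# eight OTP guesses in 35 seconds, another sends one legitimate reset request.
SAMPLE_LOG = [
    f'198.51.100.7 - - [16/Oct/2024:02:15:{s:02d} +0000] "POST {RESET_PATH} HTTP/1.1" 403 52'
    for s in range(0, 40, 5)
] + [
    f'192.0.2.10 - - [16/Oct/2024:02:16:00 +0000] "POST {RESET_PATH} HTTP/1.1" 200 71',
    '192.0.2.10 - - [16/Oct/2024:02:16:05 +0000] "GET / HTTP/1.1" 200 4096',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one combined-format access log line into a dict, or None if it
    does not match the expected layout."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def find_reset_bursts(lines, path=RESET_PATH, threshold=5, window_seconds=60):
    """Return {ip: peak_count} for clients whose requests to the reset route
    reached `threshold` within any sliding window of `window_seconds`.

    Every request to the route is counted regardless of status code, because a
    wrong OTP guess and a correct one both hit the same endpoint; only the
    request rate distinguishes brute forcing from normal use.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for rec in filter(None, map(parse_line, lines)):
        if rec["path"] != path:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        # Drop timestamps that have aged out of the window (log is time-ordered).
        while q and rec["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            peaks[rec["ip"]] = max(peaks.get(rec["ip"], 0), len(q))
    return peaks


if __name__ == "__main__":
    for ip, n in find_reset_bursts(SAMPLE_LOG).items():
        print(f"ALERT: {ip} made {n} password-reset requests within 60s")
```

The same sliding-window count is what an IP-based rate limit (item 4) would enforce at the WAF or web server; run offline against logs it serves as the alert rule from item 3. The threshold and window are tunable parameters, and they should be low enough that a short numeric OTP cannot be exhausted before the limit trips.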

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-9305

Oct 16, 2024 at 2:15 AM
First Article

Feedly found the first article mentioning CVE-2024-9305.

Oct 16, 2024 at 2:18 AM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 16, 2024 at 2:18 AM
CVSS

A CVSS base score of 8.1 has been assigned.

Oct 16, 2024 at 2:20 AM / nvd
EPSS

EPSS Score was set to: 0.06% (Percentile: 27.9%)

Oct 16, 2024 at 9:58 AM

Affected Systems

Wordpress/wordpress

Attack Patterns

CAPEC-50: Password Recovery Exploitation

CVSS V3.1

Attack Vector:Network
Attack Complexity:High
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High
