CVE-2017-16946

Published November 25th, 2017

View on NVD ↗

CVSS v3

N/A

CVSS v2

MEDIUM

Affected

PROJECT

Description

The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.

MISP/MISP

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

GitHub

6.38K