CVE-2023-40173
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Prior to version 1.0.5 Social media skeleton did not properly salt passwords leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| fobybus | social-media-skeleton | < 1.0.5 | affected |
Weaknesses
- CWE-522: CWE-522: Insufficiently Protected Credentials
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-rfmv-7m7g-v628
- https://github.com/fobybus/social-media-skeleton/commit/344d798e82d6cc39844962c6d3cb2560f5907848
- https://github.com/fobybus/social-media-skeleton/commit/df31da44ffed3ea065cbbadc3c8052d0d489a2ef
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-rfmv-7m7g-v628
- https://github.com/fobybus/social-media-skeleton/commit/344d798e82d6cc39844962c6d3cb2560f5907848
- https://github.com/fobybus/social-media-skeleton/commit/df31da44ffed3ea065cbbadc3c8052d0d489a2ef
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.