{"id":21718,"date":"2023-12-21T14:08:18","date_gmt":"2023-12-21T13:08:18","guid":{"rendered":"https:\/\/herolab.usd.de\/?page_id=21718"},"modified":"2024-01-02T10:16:49","modified_gmt":"2024-01-02T09:16:49","slug":"usd-2022-0057","status":"publish","type":"page","link":"https:\/\/herolab.usd.de\/en\/security-advisories\/usd-2022-0057\/","title":{"rendered":"usd-2022-0057"},"content":{"rendered":"<p>[et_pb_section fb_built=\"1\" _builder_version=\"4.21.0\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\" global_colors_info=\"{}\"][et_pb_row _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.23.1\" _module_preset=\"default\" custom_padding=\"||13px|||\" global_colors_info=\"{}\"]<\/p>\n<h1>usd-2022-0057 | Weak Password Reset Mechanism in CPTO 6.3.8.6<\/h1>\n<h1><\/h1>\n<p><strong>Advisory ID<\/strong>: usd-2022-0057<br \/><strong>Product<\/strong>: Cash Point &amp; Transport Optimizer CPTO<br \/><strong>Affected Version<\/strong>: 6.3.8.6 (#718) 06.07.2021<br \/><strong>Vulnerability Type<\/strong>: CWE 640 - Weak Password Recovery Mechanism for Forgotten Password<br \/><strong>Security Risk<\/strong>: Low<br \/><strong>Vendor URL<\/strong>: <a href=\"https:\/\/www.sesami.io\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.sesami.io\/<\/a><br \/><strong>Vendor acknowledged vulnerability<\/strong>: Yes<br \/><strong>Vendor Status<\/strong>: Fixed<br \/><strong>CVE number<\/strong>: CVE-2023-31300<br \/><strong>CVE Link<\/strong>: Pending<\/p>\n<h3>Description<\/h3>\n<p>The Reset Password feature sends new passwords unencrypted in clear text via email.<\/p>\n<h3>Fix<\/h3>\n<p>Users should update CPTO to its current version.<\/p>\n<p>An email should be sent to the users authorized email id with a link which will take the user to a page for resetting the password. This link should be SSL-enabled and active for only a short time. This way the actual password is never seen. The security benefits of this method are: The password is not sent in the mail and since the link is active for a short time, there is no harm even if the mail remains in the mailbox for a long time.<\/p>\n<h3>References<\/h3>\n<p><a href=\"https:\/\/owasp.org\/www-community\/OWASP_Application_Security_FAQ\" target=\"_blank\" rel=\"noopener\">https:\/\/owasp.org\/www-community\/OWASP_Application_Security_FAQ<\/a><\/p>\n<h3>Timeline<\/h3>\n<ul>\n<li><strong>2022-11-03<\/strong>: Vulnerabilities discovered by Marcus Nilsson.<\/li>\n<li><strong>2022-11-28<\/strong>: The Responsible Disclosure tries to establish contact with vendor for the first time.<\/li>\n<li><strong>2023-04-27<\/strong>: CVE IDs are requested and subsequently reserved.<\/li>\n<li><strong>2023-05-12<\/strong>: Trying to establish contact via phone and email has been unsucessful, usd AG's customer notifies the team that vulnerabilities should by fixed come autumn.<\/li>\n<li><strong>2023-11-23<\/strong>: Marcus Nilsson got in touch with vendor, the advisories shall be published without a Proof-Of-Concept of the exploits in December.<\/li>\n<li><strong>2022-12-21<\/strong>: Advisory published by usd AG.<\/li>\n<\/ul>\n<h3>Credits<\/h3>\n<p>This security vulnerability was found by Marcus Nilsson of usd AG.<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>usd-2022-0057 | Weak Password Reset Mechanism in CPTO 6.3.8.6 Advisory ID: usd-2022-0057Product: Cash Point &amp; Transport Optimizer CPTOAffected Version: 6.3.8.6 (#718) 06.07.2021Vulnerability Type: CWE 640 - Weak Password Recovery Mechanism for Forgotten PasswordSecurity Risk: LowVendor URL: https:\/\/www.sesami.io\/Vendor acknowledged vulnerability: YesVendor Status: FixedCVE number: CVE-2023-31300CVE Link: Pending Description The Reset Password feature sends new passwords unencrypted [&hellip;]<\/p>\n","protected":false},"author":114,"featured_media":0,"parent":16124,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-21718","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/21718","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/114"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=21718"}],"version-history":[{"count":4,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/21718\/revisions"}],"predecessor-version":[{"id":21849,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/21718\/revisions\/21849"}],"up":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16124"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=21718"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}