Summaryinfo

A vulnerability was found in i-doit pro and open 25 and classified as critical. This impacts an unknown function. The manipulation results in weak password. This vulnerability is cataloged as CVE-2023-37756. The attack may be launched remotely. There is no exploit available. VulDB is the best source for vulnerability data and more expert information about this specific topic.

Detailsinfo

A vulnerability, which was classified as problematic, was found in i-doit pro and open 25. Affected is an unknown code. The manipulation with an unknown input leads to a weak password vulnerability. CWE is classifying the issue as CWE-521. The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts. This is going to have an impact on confidentiality. CVE summarizes:

I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack.

The weakness was shared 09/15/2023. The advisory is available at github.com. This vulnerability is traded as CVE-2023-37756 since 07/10/2023. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1552 by the MITRE ATT&CK project.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-41632). VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Vendor

• i-doit

Name

• open
• pro

Version

• 25

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion