CVE-2022-46997 in Passhunt
Summary
by MITRE • 12/14/2022
Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
Analysis
by VulDB Data Team • 04/21/2025
CVE-2022-46997 is a code-execution backdoor present in Passhunt at commit 54eb987d30ead2b8ebbf1f0b880aa14249323867, reached through the `request` package the project brings in as a dependency. The CVE record does not say that the commit itself was written with malicious intent; it says the tree at that commit contains the backdoor, which is the pattern of a compromised or lookalike third-party package rather than of a deliberate change to the project's own code. The name deserves attention: `request` is not the widely used `requests` HTTP library, and a one-character difference in a dependency name is exactly what a typosquatting package relies on. Because a dependency is installed and imported like any other module, its code runs with the full privileges of the Passhunt process, so a review limited to the project's own files would not surface it; only a review of the dependency manifest and of what the named package actually installs would.
The CVE record gives no detail of the payload, so the mechanism should not be assumed to be command injection, dynamic code evaluation or any particular command-and-control protocol. What can be said is that code in a dependency executes at import time with the privileges of the process that imports it: it can read anything the user running Passhunt can read, including stored credentials and the digital currency keys the record names, and it can open outbound connections to send that data elsewhere. The "escalate privileges" wording in the record should be read in the same light: the backdoor inherits whatever rights the tool is run with, and the trust placed in a dependency means nothing in the application authenticates or constrains what it does.
The operational impact of CVE-2022-46997 goes beyond theft of the data present at one moment, because a backdoor installed as a dependency is loaded every time the application runs and therefore gives the attacker a persistent foothold. Users who installed the affected version face credential theft, financial loss through compromised cryptocurrency keys, and compromise of other accounts protected by the same credentials. Since the malicious code lives in the dependency rather than in one code path, every user of the vulnerable version is exposed regardless of which Passhunt features they use. In MITRE ATT&CK terms this is supply chain compromise of a software dependency (T1195.001) for initial access, followed by privilege escalation, persistence and exfiltration.
Immediate mitigations are to remove the compromised dependency and the code at that commit, rebuild the environment from a clean source rather than patching the installed copy in place, and treat any credentials and digital currency keys that were reachable from an affected host as compromised and rotate them. Dependencies should then be installed only with pinned versions and integrity hashes, which is the control that addresses CWE-494 (Download of Code Without Integrity Check), and the manifest should be checked for names that differ from well-known packages by a character or two. Organizations should audit other projects for the same dependency pattern, add automated scanning of dependency packages rather than only of first-party code, and monitor for unexpected outbound connections from hosts where the tool runs, since exfiltration is the observable side of a backdoor like this one. The incident is a reminder that code review has to cover what a project pulls in, not only what its authors write, and that detection should map to the ATT&CK initial access and persistence tactics that a dependency backdoor exercises.
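The dependency-name check and the hash verification the mitigations above call for, as an added example that is not part of the VulDB page or of Passhunt itself. It assumes the project is installed with pip from a requirements.txt, uses a small hypothetical allowlist of known package names (`KNOWN_PACKAGES`) in place of a curated list, and runs over a constructed sample manifest whose `request` line mirrors the lookalike name in the CVE text.

```python
"""
Added example (not Passhunt's code, nor VulDB's): audit a pip requirements file for
lookalike dependency names and missing integrity pins, then verify a downloaded
artifact against its pinned digest the way pip --require-hashes does.
"""
import hashlib
import re

# Assumption: a short allowlist of well-known PyPI names. A real audit would use a
# curated list or the project's own lockfile; this set exists only for the demo.
KNOWN_PACKAGES = {"requests", "urllib3", "beautifulsoup4", "colorama", "lxml", "paramiko"}

REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"
    r"\s*(?:(?P<op>==|>=|<=|~=|!=|>|<)\s*(?P<ver>[^\s#;]+))?"
)
HASH_RE = re.compile(r"--hash=(sha256:[0-9a-f]{64})")


def normalize(name: str) -> str:
    """PEP 503 normalization: 'Requests', 'requests' and 'REQUESTS' are one project."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a distance of 1 is the typosquatter's sweet spot (request/requests)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_requirements(text: str) -> list:
    """Return one dict per requirement line: name, whether it is ==-pinned, and its hashes."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line or line.startswith("-"):          # skip pip options such as -r / --index-url
            continue
        m = REQ_RE.match(line)
        if not m:
            continue
        entries.append({
            "name": normalize(m["name"]),
            "pinned": m["op"] == "==",
            "hashes": HASH_RE.findall(line),
        })
    return entries


def audit(text: str, known=KNOWN_PACKAGES) -> list:
    """Flag lookalike names, unpinned versions and missing --hash pins as (name, issue) pairs."""
    findings = []
    for entry in parse_requirements(text):
        name = entry["name"]
        if name not in known:
            for candidate in sorted(known):
                if levenshtein(name, candidate) <= 1:
                    findings.append((name, f"lookalike of {candidate}"))
        if not entry["pinned"]:
            findings.append((name, "not pinned"))
        if not entry["hashes"]:
            findings.append((name, "no --hash"))
    return findings


def sha256_line(data: bytes) -> str:
    """Digest in the form pip writes into a requirements file."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


def verify_artifact(data: bytes, expected: list) -> bool:
    """True only if the downloaded bytes match a pinned digest (the CWE-494 control)."""
    return sha256_line(data) in expected


PLACEHOLDER_DIGEST = "sha256:" + "00" * 32  # constructed; not a real wheel digest
SAMPLE_REQUIREMENTS = f"""\
# constructed sample manifest, not Passhunt's real requirements.txt
requests==2.31.0 --hash={PLACEHOLDER_DIGEST}
request
colorama>=0.4.6
"""

if __name__ == "__main__":
    for name, issue in audit(SAMPLE_REQUIREMENTS):
        print(f"{name}: {issue}")
```

Run against the constructed manifest, the audit reports `request` as a lookalike of `requests` that is neither pinned nor hashed, and `colorama` as unpinned and unhashed, while the hashed `requests` line passes. The `verify_artifact` check is what `pip install --require-hashes` enforces at download time; the audit only tells you whether the manifest would let pip enforce it at all.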