CVE-2017-16946

NONE EPSS 60.8%
Published Nov 25, 2017 (8y ago) · Modified Jun 22, 2026 (1w ago)

Description

The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.

Threat Intelligence

EPSS Exploit Probability
60.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-532

Affected Products 1

Vendor | Product | Version | Range
misp-project | misp | 2.4.82 | any

References 1

  • github.com https://github.com/MISP/MISP/commit/7d5890b2fc63285f010d5845913894dd71cf232c
    Patch

Remediation

  • github.com https://github.com/MISP/MISP/commit/7d5890b2fc63285f010d5845913894dd71cf232c
    Patch