CVE-2022-34530
First published: Mon Aug 01 2022(Updated: )
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Backdrop CMS | <=1.22.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-34530.
What is the title of the vulnerability?
The title of the vulnerability is 'An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to e…'.
What is the severity of CVE-2022-34530?
The severity of CVE-2022-34530 is medium, with a severity value of 5.3.
How does CVE-2022-34530 affect Backdrop CMS?
CVE-2022-34530 affects Backdrop CMS v1.22.0.
How can the vulnerability be exploited?
The vulnerability can be exploited by attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- agent/source
- vendor/backdropcms
- canonical/backdrop cms
- version/backdrop cms/1.22.0