CVE-2023-35039
Password Reset with Code for WordPress REST API <= 0.0.15 - Weak Password Recovery Mechanism
criticalWeak Password Recovery Mechanism for Forgotten Password
9.8
CVSS Score
9.8
CVSS Score
critical
Severity
0.0.16
Patched in
162d
Time to patch
Description
The Password Reset with Code for WordPress REST API is vulnerable to a Weak Password Recovery Mechanism in versions up to, and including, 0.0.15. This allows unauthenticated attackers to set a 4-digit password recovery code for arbitrary users that, if guessed correctly, will allow them to reset the password for that user. Although each code is only allowed 3 tries by default, there is no restriction on the number of code generation attempts allowed, effectively reducing the entropy of the password reset mechanism to 4 digits. Additionally the code generation mechanism uses str_shuffle which does not use a cryptographically secure PNRG.
CVSS Vector Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAttack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
High
Confidentiality
High
Integrity
High
Availability
Technical Details
Affected versions
<=0.0.15PublishedAugust 14, 2023
Last updatedJanuary 22, 2024
Affected pluginbdvs-password-reset
Check if your site is affected.
Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.