CVE-2022-34530

MEDIUM

Backdrop CMS < 1.22.0 - Password Reset Weakness

Description

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.

Scores

CVSS v3: 5.3
EPSS: 0.0021
EPSS Percentile: 42.5%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE: CWE-640
Status: published
Products (1): backdropcms/backdrop_cms < 1.22.0
Published: Aug 01, 2022
Tracked Since: Feb 18, 2026