Improper Password Check in WWBN AVideo 11.6 and Dev Master Commit 3f7c0364 Allows Unauthorized Account Access

Improper Password Check in WWBN AVideo 11.6 and Dev Master Commit 3f7c0364 Allows Unauthorized Account Access

CVE-2022-32282 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a users' password hash will be able to use it to directly login into the account, leading to increased privileges.

Learn more about our User Device Pen Test.