CVE Vulnerability

CVE-2021-33484

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted encryption key (sent as a parameter in the comment form request) by setting this encrypted value as the username, which will appear on the comment page in its decrypted form. Using these two values (combined with the encryption functionality discovered in the decompiled installer), the attacker can encrypt another user's ID and username. These values can be used as part of the comment posting request in order to spoof the user.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://twitter.com/onyaktech Third Party Advisory
https://burninatorsec.blogspot.com/2021/07/onyaktech-comments-pro-broken.html Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:onyaktech_comments_pro_project:onyaktech_comments_pro:3.8:*:*:*:*:*:*:*
Information

Published : 2021-09-07 05:15

Updated : 2021-09-13 03:14

NVD link : CVE-2021-33484

Mitre link : CVE-2021-33484

Products Affected
No products.
CWE
CWE-798