CVE-2023-45669

{"id": "CVE-2023-45669", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-10-16T19:15:11.167", "references": [{"url": "https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter", "tags": ["Technical Description"], "source": "[email protected]"}, {"url": "https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter", "tags": ["Technical Description"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work. An attacker who cloned valid authenticator in some way can use the cloned authenticator without being detected. This issue has been addressed in version `0.9.1.RELEASE`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"}, {"lang": "es", "value": "WebAuthn4J Spring Security proporciona soporte de especificaci\u00f3n de autenticaci\u00f3n web para aplicaciones Spring. Las versiones afectadas est\u00e1n sujetas a un manejo inadecuado del valor del contador de firmas. Se encontr\u00f3 una falla en webautn4j-spring-security-core. Cuando un autenticador devuelve un valor de contador de firma incrementado durante la autenticaci\u00f3n, webauthn4j-spring-security-core no conserva correctamente el valor, lo que significa que la detecci\u00f3n del autenticador clonado no funciona. Un atacante que clon\u00f3 un autenticador v\u00e1lido de alguna manera puede utilizar el autenticador clonado sin ser detectado. Este problema se solucion\u00f3 en la versi\u00f3n `0.9.1.RELEASE`. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}], "lastModified": "2024-11-21T08:27:10.693", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webauthn4j:spring_security:*:*:*:*:*:spring:*:*", "vulnerable": true, "matchCriteriaId": "C036992E-5946-498B-A788-E72C49955376", "versionEndExcluding": "0.9.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}