Partial String Comparison

CVE-2022-31802

High

9.8/10

Summary

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-187 - Partial String Comparison

The software performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.

References

Advisory Timeline

Published Jun 24, 2022

Partial String Comparison

CVE-2022-31802

Summary

CWE-187 - Partial String Comparison

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS