Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victims HTTP request, get the victims cookie, perform a base64 decode on the victims cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks.
Weakness
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Strapi | Strapi | * | 3.6.9 (excluding) |
| Strapi | Strapi | 4.0.0 (including) | 4.1.5 (excluding) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/102.html
- https://cwe.mitre.org/data/definitions/474.html
- https://cwe.mitre.org/data/definitions/50.html
- https://cwe.mitre.org/data/definitions/509.html
- https://cwe.mitre.org/data/definitions/551.html
- https://cwe.mitre.org/data/definitions/555.html
- https://cwe.mitre.org/data/definitions/560.html
- https://cwe.mitre.org/data/definitions/561.html
- https://cwe.mitre.org/data/definitions/600.html
- https://cwe.mitre.org/data/definitions/644.html
- https://cwe.mitre.org/data/definitions/645.html
- https://cwe.mitre.org/data/definitions/652.html
- https://cwe.mitre.org/data/definitions/653.html
References
- http://packetstormsecurity.com/files/166915/Strapi-3.6.8-Password-Disclosure-Insecure-Handling.html
- https://github.com/strapi/strapi/pull/12246
- https://hub.docker.com/r/strapi/strapi
- https://strapi.io/
- http://packetstormsecurity.com/files/166915/Strapi-3.6.8-Password-Disclosure-Insecure-Handling.html
- https://github.com/strapi/strapi/pull/12246
- https://hub.docker.com/r/strapi/strapi
- https://strapi.io/