CVE-2022-22789 MEDIUM

CVE-2022-22789: Charactell - FormStorm Enterprise Account Take Over

Vendor: Charactell
Product: FormStorm Enterprise
Published: January 25, 2022
Last update: August 3, 2024

CVSS base score

6.1/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: Required
Confidentiality: High
Integrity: Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01 Description

Charactell - FormStorm Enterprise account takeover: an attacker can modify (add, remove and update) the passwords file for all users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. A malicious user can take over an account by replacing the existing password in the file.

Key dates

02 Disclosure timeline

January 25, 2022: CVE published
August 3, 2024: Record updated