Vulnerability-Lookup

CNVD-2022-10722

Vulnerability from cnvd - Published: 2022-02-16

Title

Wire授权问题漏洞

Description

Wire是个人开发者的一款聊天软件。该软件支持 Web、WindowsiOS、Android、OS X 平台，有群组功能，可以语音通话，发送照片以及其独创性的打招呼方式 PING。 Wire存在授权问题漏洞，如果攻击者获得旧的但有效的访问令牌，他们可以通过更改电子邮件来接管帐户。目前没有详细的漏洞细节提供。

Severity

高

Patch Name

Wire授权问题漏洞的补丁

Patch Description

Wire是个人开发者的一款聊天软件。该软件支持 Web、WindowsiOS、Android、OS X 平台，有群组功能，可以语音通话，发送照片以及其独创性的打招呼方式 PING。 Wire存在授权问题漏洞，如果攻击者获得旧的但有效的访问令牌，他们可以通过更改电子邮件来接管帐户。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/wireapp/wire-server/security/advisories/GHSA-9rm2-w6pq-333m

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-41093

Impacted products

Name
Wire Wire <3.86

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-41093"
    }
  },
  "description": "Wire\u662f\u4e2a\u4eba\u5f00\u53d1\u8005\u7684\u4e00\u6b3e\u804a\u5929\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301 Web\u3001WindowsiOS\u3001Android\u3001OS X \u5e73\u53f0\uff0c\u6709\u7fa4\u7ec4\u529f\u80fd\uff0c\u53ef\u4ee5\u8bed\u97f3\u901a\u8bdd\uff0c\u53d1\u9001\u7167\u7247\u4ee5\u53ca\u5176\u72ec\u521b\u6027\u7684\u6253\u62db\u547c\u65b9\u5f0f PING\u3002\n\nWire\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u5982\u679c\u653b\u51fb\u8005\u83b7\u5f97\u65e7\u7684\u4f46\u6709\u6548\u7684\u8bbf\u95ee\u4ee4\u724c\uff0c\u4ed6\u4eec\u53ef\u4ee5\u901a\u8fc7\u66f4\u6539\u7535\u5b50\u90ae\u4ef6\u6765\u63a5\u7ba1\u5e10\u6237\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/wireapp/wire-server/security/advisories/GHSA-9rm2-w6pq-333m",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-10722",
  "openTime": "2022-02-16",
  "patchDescription": "Wire\u662f\u4e2a\u4eba\u5f00\u53d1\u8005\u7684\u4e00\u6b3e\u804a\u5929\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301 Web\u3001WindowsiOS\u3001Android\u3001OS X \u5e73\u53f0\uff0c\u6709\u7fa4\u7ec4\u529f\u80fd\uff0c\u53ef\u4ee5\u8bed\u97f3\u901a\u8bdd\uff0c\u53d1\u9001\u7167\u7247\u4ee5\u53ca\u5176\u72ec\u521b\u6027\u7684\u6253\u62db\u547c\u65b9\u5f0f PING\u3002\r\n\r\nWire\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u5982\u679c\u653b\u51fb\u8005\u83b7\u5f97\u65e7\u7684\u4f46\u6709\u6548\u7684\u8bbf\u95ee\u4ee4\u724c\uff0c\u4ed6\u4eec\u53ef\u4ee5\u901a\u8fc7\u66f4\u6539\u7535\u5b50\u90ae\u4ef6\u6765\u63a5\u7ba1\u5e10\u6237\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Wire\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Wire Wire \u003c3.86"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-41093",
  "serverity": "\u9ad8",
  "submitTime": "2021-10-09",
  "title": "Wire\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2021-41093 (GCVE-0-2021-41093)

Vulnerability from cvelistv5 – Published: 2021-10-04 18:15 – Updated: 2024-08-04 02:59

Title

Account takeover when having only access to a user's short lived token

Summary

Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additionally requires an authentication cookie. See wire-ios-sync-engine and wire-ios-transport references. This is the root advisory that pulls the changes together.

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-285 - Improper Authorization

Assigner

GitHub_M

References

URL

Tags

	https://github.com/wireapp/wire-ios/security/advi…	x_refsource_CONFIRM
	https://github.com/wireapp/wire-ios-sync-engine/s…	x_refsource_MISC
	https://github.com/wireapp/wire-ios-transport/sec…	x_refsource_MISC
	https://github.com/wireapp/wire-server/security/a…	x_refsource_MISC
	https://github.com/wireapp/wire-ios/commit/b0e7bb…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	wireapp	wire-ios	Affected: < 3.86

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:59:31.525Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/wireapp/wire-ios/security/advisories/GHSA-6f4c-phfj-m255"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/wireapp/wire-ios-sync-engine/security/advisories/GHSA-w727-5f74-49xj"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-p354-6r3m-g4xr"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/wireapp/wire-server/security/advisories/GHSA-9rm2-w6pq-333m"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/wireapp/wire-ios/commit/b0e7bb3b13dd8212032cb46e32edf701694687c7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wire-ios",
          "vendor": "wireapp",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.86"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additionally requires an authentication cookie. See wire-ios-sync-engine and wire-ios-transport references. This is the root advisory that pulls the changes together."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285: Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-04T18:15:11",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/wireapp/wire-ios/security/advisories/GHSA-6f4c-phfj-m255"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/wireapp/wire-ios-sync-engine/security/advisories/GHSA-w727-5f74-49xj"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-p354-6r3m-g4xr"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/wireapp/wire-server/security/advisories/GHSA-9rm2-w6pq-333m"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/wireapp/wire-ios/commit/b0e7bb3b13dd8212032cb46e32edf701694687c7"
        }
      ],
      "source": {
        "advisory": "GHSA-6f4c-phfj-m255",
        "discovery": "UNKNOWN"
      },
      "title": "Account takeover when having only access to a user\u0027s short lived token",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-41093",
          "STATE": "PUBLIC",
          "TITLE": "Account takeover when having only access to a user\u0027s short lived token"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "wire-ios",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 3.86"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "wireapp"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additionally requires an authentication cookie. See wire-ios-sync-engine and wire-ios-transport references. This is the root advisory that pulls the changes together."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-285: Improper Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/wireapp/wire-ios/security/advisories/GHSA-6f4c-phfj-m255",
              "refsource": "CONFIRM",
              "url": "https://github.com/wireapp/wire-ios/security/advisories/GHSA-6f4c-phfj-m255"
            },
            {
              "name": "https://github.com/wireapp/wire-ios-sync-engine/security/advisories/GHSA-w727-5f74-49xj",
              "refsource": "MISC",
              "url": "https://github.com/wireapp/wire-ios-sync-engine/security/advisories/GHSA-w727-5f74-49xj"
            },
            {
              "name": "https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-p354-6r3m-g4xr",
              "refsource": "MISC",
              "url": "https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-p354-6r3m-g4xr"
            },
            {
              "name": "https://github.com/wireapp/wire-server/security/advisories/GHSA-9rm2-w6pq-333m",
              "refsource": "MISC",
              "url": "https://github.com/wireapp/wire-server/security/advisories/GHSA-9rm2-w6pq-333m"
            },
            {
              "name": "https://github.com/wireapp/wire-ios/commit/b0e7bb3b13dd8212032cb46e32edf701694687c7",
              "refsource": "MISC",
              "url": "https://github.com/wireapp/wire-ios/commit/b0e7bb3b13dd8212032cb46e32edf701694687c7"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-6f4c-phfj-m255",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-41093",
    "datePublished": "2021-10-04T18:15:11",
    "dateReserved": "2021-09-15T00:00:00",
    "dateUpdated": "2024-08-04T02:59:31.525Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-10722

CVE-2021-41093 (GCVE-0-2021-41093)

Tags

Sightings

Nomenclature