CVE-2015-9238 Vulnerability Details

  /     /     /  

CVE-2015-9238 Metadata Quick Info

CVE Published: 31/05/2018 | CVE Updated: 16/09/2024 | CVE Year: 2015
Source: hackerone | Vendor: HackerOne | Product: secure-compare node module
Status : PUBLISHED

---

CVE-2015-9238 Description

secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-697
CWE Name: Incorrect Comparison (CWE-697)
Source: HackerOne

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).