Vulnerability in Echatserver Easy_chat_server

CVE-2017-9557

register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the resp…

EPSS: 0.003 (54.1st percentile).

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Frequently asked questions

What is CVE-2017-9557?
CVE-2017-9557 is a high-severity vulnerability in Echatserver Easy_chat_server, classified under Insufficiently Protected Credentials. CVSS score: 7.5/10. Published 2017-06-12.

How severe is CVE-2017-9557?
High severity. CVSS v3 base score is 7.5 out of 10.