Platform: other
Component: tooljet/tooljet
Fixed in: v1.26.1
CVE-2022-3422 is a critical vulnerability affecting Tooljet versions up to v1.26.1. This flaw allows attackers to take control of user accounts through password hash cracking and exploitation of the forgotten password token functionality. Successful exploitation can lead to unauthorized access to sensitive data and system compromise. The vulnerability has been fixed in version v1.26.1.
The core of this vulnerability lies in the insecure handling of password storage and the forgotten password reset process within Tooljet. An attacker can potentially obtain password hashes, which, if cracked, would grant them direct access to user accounts. Furthermore, the forgotten password token mechanism is vulnerable, allowing an attacker to intercept or manipulate tokens to reset passwords and gain control of accounts without user interaction. The blast radius extends to any data accessible within Tooljet, including sensitive business information, user credentials, and potentially integration keys for connected services. This vulnerability is particularly concerning given the increasing sophistication of password cracking techniques and the prevalence of account takeover attacks.
CVE-2022-3422 was publicly disclosed on 2022-10-07. The vulnerability's severity is high due to the potential for complete account takeover. No known active exploitation campaigns have been publicly reported at the time of this writing, but the availability of password cracking tools and the ease of exploiting the forgotten password token mechanism suggest a potential for future exploitation. It is not listed on the CISA KEV catalog as of this writing.
EPSS: 0.34% (57th percentile)
The primary mitigation for CVE-2022-3422 is to immediately upgrade Tooljet to version v1.26.1 or later. If upgrading is not immediately feasible due to compatibility concerns or downtime requirements, consider implementing temporary workarounds. Review and strengthen password policies, enforcing strong passwords and multi-factor authentication where possible. Monitor Tooljet logs for suspicious activity, particularly related to password reset requests and failed login attempts. While a direct WAF rule is unlikely to prevent the underlying vulnerability, rate limiting password reset requests could help mitigate automated exploitation attempts. There are no specific Sigma or YARA rules readily available for this vulnerability, emphasizing the importance of upgrading.
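As an added example (not part of this advisory or of the Tooljet project), the sliding-window check below implements the monitoring the mitigation text recommends: it flags bursts of password reset requests or failed logins from a single source address. The log lines are constructed and use a hypothetical `<timestamp> <event> ip=<ip> user=<user>` format, since Tooljet's real log format is not given here.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines in a hypothetical format (not Tooljet's real one).
SAMPLE_LOG = """\
2022-10-07T10:00:00Z password_reset_request ip=203.0.113.5 user=alice
2022-10-07T10:00:12Z password_reset_request ip=203.0.113.5 user=bob
2022-10-07T10:00:30Z password_reset_request ip=203.0.113.5 user=carol
2022-10-07T10:00:45Z password_reset_request ip=203.0.113.5 user=dave
2022-10-07T10:20:00Z password_reset_request ip=198.51.100.9 user=erin
2022-10-07T10:21:00Z login_failed ip=198.51.100.9 user=erin
2022-10-07T10:21:05Z login_failed ip=198.51.100.9 user=erin
2022-10-07T11:00:00Z login_failed ip=192.0.2.77 user=frank
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>password_reset_request|login_failed) "
    r"ip=(?P<ip>\S+) user=(?P<user>\S+)$"
)

def parse_log(text):
    """Yield (timestamp, event, ip, user) for every line matching LINE_RE."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
            yield ts, m["event"], m["ip"], m["user"]

def find_bursts(text, window_seconds=300, threshold=3):
    """Count events per (event, source ip) in a sliding time window.

    Returns {(event, ip): peak_count} for each key that reached `threshold`
    events inside any `window_seconds` span. A burst of reset requests from
    one address is the pattern worth alerting on (and rate limiting).
    """
    windows = defaultdict(deque)
    alerts = {}
    for ts, event, ip, _user in sorted(parse_log(text)):
        key = (event, ip)
        q = windows[key]
        q.append(ts)
        # Evict timestamps older than the window so only recent events remain.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts

if __name__ == "__main__":
    for (event, ip), count in find_bursts(SAMPLE_LOG).items():
        print(f"ALERT {event} from {ip}: {count} events within 300s")
```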
Update Tooljet to version 1.26.1 or later. This version fixes the privilege management vulnerability that allows account takeover. The update will prevent attackers from accessing sensitive information such as password hashes or password reset tokens.
CVE-2022-3422 is a critical vulnerability in Tooljet versions up to v1.26.1 that allows attackers to take control of user accounts through password hash cracking and forgotten password token exploitation.
You are affected if you are using Tooljet versions prior to v1.26.1. Immediately check your Tooljet version and upgrade if necessary.
The recommended fix is to upgrade Tooljet to version v1.26.1 or later. If immediate upgrade is not possible, implement temporary workarounds like stronger password policies and monitoring.
While no active exploitation campaigns have been publicly reported, the vulnerability's nature and ease of exploitation suggest a potential for future attacks.
Refer to the Tooljet security advisory for detailed information and updates: [https://tooljet.com/security](https://tooljet.com/security)