CVE-2022-41933: CWE-312: Cleartext Storage of Sensitive Information in xwiki xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the `reset a forgotten password` feature of XWiki was used, the password was then stored in plain text in the database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only concerns the reset password feature available from the "Forgot your password" link in the login view: the features allowing a user to change their own password, or an admin to change a user's password, are not impacted. This vulnerability is particularly dangerous in combination with other vulnerabilities that allow leaking users' personal data, such as GHSA-599v-w48h-rjrm. Note that this vulnerability only concerns the users of the main wiki: in the case of farms, the users registered on subwikis are not impacted, thanks to a bug we discovered when investigating this. The problem has been patched in versions 14.6RC1, 14.4.3 and 13.10.8. The patch involves a migration of the impacted users as well as the history of the page, to ensure no password remains in plain text in the database. This migration also informs the users about the possible disclosure of their passwords: by default, two emails are automatically sent to the impacted users, a first email informing them that their password may have been leaked, and a second email, sent through the reset password feature, asking them to set a new password. Administrators can also set some properties for the migration: it is possible to decide whether the user passwords should be reset (the default) or kept but only hashed. Note that with the first option, impacted users won't be able to log in until they set a new password. Note that with both options, mails will be sent to users to inform them and encourage them to change their passwords.
AI Analysis
Technical Summary
CVE-2022-41933 is a vulnerability affecting the XWiki Platform, a widely used generic wiki platform that provides runtime services for applications built on top of it. The vulnerability specifically concerns the 'reset a forgotten password' feature accessible via the 'Forgot your password' link on the login page. In affected versions (from 13.1RC1 up to but not including 13.10.8, and from 14.0.0 up to but not including 14.4.3), when a user resets their forgotten password, the new password is stored in plaintext within the database. This cleartext storage violates secure password handling best practices and exposes sensitive user credentials to anyone with database access or the ability to exploit other vulnerabilities that leak database contents. Notably, this vulnerability does not affect password changes initiated by the user or administrators, nor does it impact users registered on subwikis in farm configurations due to an unrelated bug. The vulnerability is classified under CWE-312, which covers the cleartext storage of sensitive information. The issue was patched in versions 13.10.8, 14.4.3, and 14.6RC1, with the patch involving a migration process that removes plaintext passwords from the database and notifies affected users via email. Administrators have options during migration to either reset impacted users' passwords forcibly or retain the passwords but store them hashed. The vulnerability is particularly dangerous when combined with other vulnerabilities that allow data leaks, such as GHSA-599v-w48h-rjrm, as it could lead to exposure of user passwords. There are no known exploits in the wild at this time, but the risk remains significant due to the sensitivity of stored credentials and the potential for chained attacks.
Potential Impact
For European organizations using affected versions of XWiki Platform, this vulnerability poses a significant risk to user credential confidentiality. If attackers gain access to the database or exploit other vulnerabilities to leak data, they could retrieve plaintext passwords, potentially enabling unauthorized access to user accounts and lateral movement within organizational networks. This could lead to data breaches, loss of intellectual property, and reputational damage. The impact is amplified in environments where XWiki is used for sensitive collaboration or documentation, including governmental, financial, or healthcare sectors prevalent in Europe. Additionally, since the vulnerability only affects the password reset feature, users who frequently use this feature are at higher risk. The exposure of plaintext passwords could also facilitate credential stuffing attacks if users reuse passwords across services. The need to notify users and force password resets may cause operational disruptions and require additional support resources. However, the vulnerability does not affect all user accounts (e.g., subwiki users in farm setups), somewhat limiting the scope. Overall, the vulnerability undermines trust in the platform's security and could have cascading effects if combined with other vulnerabilities or insider threats.
Mitigation Recommendations
European organizations should immediately verify their XWiki Platform versions and upgrade to patched versions 13.10.8, 14.4.3, or later. During the upgrade, administrators should carefully plan the migration process to remove plaintext passwords from the database. It is recommended to enforce the default migration option that resets impacted users' passwords to ensure no plaintext credentials remain accessible. Organizations should also audit their databases and logs for any unauthorized access or suspicious activity related to password data. Implementing strict database access controls and monitoring is critical to prevent exploitation. Additionally, organizations should review and patch any other vulnerabilities that could enable data leakage, such as GHSA-599v-w48h-rjrm, to reduce the risk of chained attacks. User education campaigns should be conducted to inform users about the password reset process and encourage the use of strong, unique passwords. Where possible, integrating multi-factor authentication (MFA) with XWiki login processes can mitigate the risk of compromised passwords being abused. Finally, organizations should consider isolating XWiki databases and applying encryption at rest to further protect sensitive data.
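The two migration options described above (reset the impacted passwords, or keep them but hash them) and the database audit recommended here can be illustrated with a small standalone script. The following is an added example written for this page; it is not XWiki's migration code, and its storage layout (`hash:<algorithm>:<salt hex>:<digest hex>`), the PBKDF2 parameters, the `UserRecord` structure and the three sample users are all constructed assumptions. It scans records for password fields that are not in hashed form (including older revisions kept in history, since the advisory notes that page history is migrated too), then either replaces them with an unguessable value so that the account must go through a password reset, or hashes them in place; in both modes the affected users are queued for the two notification emails.

```python
import hashlib
import hmac
import os
import re
import secrets
from dataclasses import dataclass, field
from typing import List, Optional

# Assumption (not XWiki's real storage format): a properly protected password
# field looks like "hash:<algorithm>:<salt hex>:<digest hex>". Anything else
# is treated as cleartext and therefore as impacted.
HASH_RE = re.compile(r"^hash:[A-Za-z0-9-]+:[0-9a-f]+:[0-9a-f]+$")
PBKDF2_ROUNDS = 100_000


@dataclass
class UserRecord:
    name: str
    password: str                                     # current field: hash string or cleartext
    history: List[str] = field(default_factory=list)  # older revisions of the same field
    must_reset: bool = False                          # set when the account needs a new password
    notifications: List[str] = field(default_factory=list)


def is_cleartext(stored: str) -> bool:
    """True when the stored value does not follow the hashed layout."""
    return HASH_RE.match(stored) is None


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA512; a fresh random salt per password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return f"hash:PBKDF2-SHA512:{salt.hex()}:{digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Constant-time check of a candidate password against a hashed field."""
    if is_cleartext(stored):
        return False  # never authenticate against a cleartext field
    _, algorithm, salt_hex, digest_hex = stored.split(":")
    if algorithm != "PBKDF2-SHA512":
        return False
    expected = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                                   bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(expected.hex(), digest_hex)


def _impacted(user: UserRecord) -> bool:
    return is_cleartext(user.password) or any(is_cleartext(h) for h in user.history)


def find_cleartext(users: List[UserRecord]) -> List[str]:
    """Audit step: names of users with a cleartext password anywhere in their record."""
    return [u.name for u in users if _impacted(u)]


def migrate(users: List[UserRecord], mode: str = "reset") -> List[str]:
    """Migration step. mode="reset" (default) invalidates impacted passwords;
    mode="hash" keeps them but stores only a salted hash. Returns migrated names."""
    if mode not in ("reset", "hash"):
        raise ValueError("mode must be 'reset' or 'hash'")
    migrated = []
    for u in users:
        if not _impacted(u):
            continue
        if is_cleartext(u.password):
            if mode == "hash":
                u.password = hash_password(u.password)
            else:
                # Replace with the hash of a random secret nobody knows: the
                # account cannot log in until the user sets a new password.
                u.password = hash_password(secrets.token_urlsafe(32))
                u.must_reset = True
        # Old revisions never need to be verifiable, so cleartext ones are dropped.
        u.history = [h for h in u.history if not is_cleartext(h)]
        # Both modes notify the user: a disclosure warning and a reset link.
        u.notifications += ["possible-disclosure", "reset-password-link"]
        migrated.append(u.name)
    return migrated


def sample_users() -> List[UserRecord]:
    """Constructed sample data, not taken from any real database."""
    return [
        UserRecord("alice", "Hunter2!"),                                    # reset via "Forgot your password": cleartext
        UserRecord("bob", hash_password("correct horse")),                  # changed normally: already hashed
        UserRecord("carol", hash_password("n3w-pass"), history=["0ld-pass"]),  # current ok, old revision cleartext
    ]


if __name__ == "__main__":
    users = sample_users()
    print("impacted:", find_cleartext(users))
    print("migrated:", migrate(users, mode="reset"))
    print("remaining cleartext:", find_cleartext(users))
```

The audit (`find_cleartext`) is the part worth running first on an upgraded instance: if it still reports users after the migration, some revision was missed. The choice between modes is the operational trade-off the advisory describes: `reset` leaves no usable secret behind but locks impacted users out until they respond to the reset email, while `hash` keeps logins working at the cost of trusting a password that was readable in the database for some time.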
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2022-09-30T00:00:00.000Z
- CISA Enriched: true
Threat ID: 682d9846c4522896dcbf4b34
Added to database: 5/21/2025, 9:09:26 AM
Last enriched: 6/22/2025, 1:35:35 PM
Last updated: 8/11/2025, 9:31:55 PM