CVE-2022-29700

7.5 HIGH

📋 TL;DR

CVE-2022-29700 is a vulnerability in Zammad v5.1.0 where the lack of a password length restriction allows attackers to create extremely long passwords, causing a Denial of Service (DoS) during password verification. This affects all Zammad installations running the vulnerable version, potentially disrupting authentication services.

💻 Affected Systems

Products:
  • Zammad
Versions: v5.1.0
Operating Systems: All platforms running Zammad
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Zammad v5.1.0 specifically; other versions are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete authentication service disruption preventing all user logins, potentially leading to extended downtime and business impact.

🟠 Likely Case: Temporary authentication service degradation or unavailability affecting legitimate user access.

🟢 If Mitigated: Minimal impact with proper monitoring and rapid response capabilities in place.

🌐 Internet-Facing: HIGH - Authentication endpoints are typically internet-facing, making them directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal users could still exploit this, though this is less likely than exploitation by external attackers.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the ability to create or modify user accounts, but the attack itself is simple: creating accounts with extremely long passwords.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v5.1.1 and later

Vendor Advisory: https://zammad.com/en/advisories/zaa-2022-03

Restart Required: Yes

Instructions:

1. Backup your Zammad installation and database.
2. Update to Zammad v5.1.1 or later using your package manager or installation method.
3. Restart Zammad services.
4. Verify the update was successful.

🔧 Temporary Workarounds

Implement password length restrictions (platform: all)

Add password length validation to prevent extremely long passwords.

# Requires modifying Zammad source code to add password length validation

Rate limit authentication attempts (platform: linux)

Implement rate limiting on authentication endpoints to mitigate DoS impact.

# Configure web server (nginx/apache) rate limiting for /auth/login endpoints
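The first workaround above (a length check before the expensive verification step) looks like this in Ruby, the language Zammad is written in. This is an added illustration, not Zammad's own code or the vendor's patch: the cap of 1024 bytes, the PBKDF2 work factor and the record layout are assumptions chosen for the demonstration, and the unbounded verifier is included only to show the pattern the check removes.

```ruby
require 'openssl'
require 'securerandom'

# Added example (not Zammad's code). The length check runs *before* any key
# derivation, so an oversized password costs O(1) instead of a full KDF run.
MAX_PASSWORD_BYTES = 1024     # assumed cap: generous for passphrases, small enough to bound hashing work
KDF_ITERATIONS     = 50_000   # assumed work factor for the demonstration KDF
DIGEST_BYTES       = 32

class PasswordTooLong < ArgumentError; end

def password_length_ok?(password)
  password.bytesize <= MAX_PASSWORD_BYTES
end

# The expensive step. The KDF has to process the whole password at least
# once, so per-attempt work is only bounded if the password length is.
def derive_digest(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: KDF_ITERATIONS,
                           length: DIGEST_BYTES, hash: 'sha256')
end

# Constant-time comparison so a mismatch does not leak where it occurred.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Vulnerable pattern, shown for contrast: whatever arrives is hashed.
def verify_unbounded(password, record)
  secure_equal?(derive_digest(password, record[:salt]), record[:digest])
end

# Hardened pattern: refuse to store an over-long password at all.
def store_password(password)
  unless password_length_ok?(password)
    raise PasswordTooLong, "#{password.bytesize} bytes exceeds #{MAX_PASSWORD_BYTES}"
  end
  salt = SecureRandom.random_bytes(16)
  { salt: salt, digest: derive_digest(password, salt) }
end

# Hardened pattern: returns :too_long, true or false. The length check runs
# first, so an oversized attempt is answered immediately and can be logged
# as its own event rather than as an ordinary failed login.
def verify_password(password, record)
  return :too_long unless password_length_ok?(password)
  secure_equal?(derive_digest(password, record[:salt]), record[:digest])
end

if __FILE__ == $PROGRAM_NAME
  record = store_password('correct horse battery staple')
  p verify_password('correct horse battery staple', record)  # true
  p verify_password('wrong password', record)                # false
  p verify_password('x' * 5000, record)                      # :too_long
end
```

Applying the same cap on both the account-creation and the login path matters: checking only at login leaves the sign-up and password-change handlers as the place where the expensive hash is computed.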

🧯 If You Can't Patch

  • Implement WAF rules to block authentication requests with extremely long password parameters
  • Monitor authentication logs for unusually long password attempts and implement alerting

🔍 How to Verify

Check if Vulnerable:

Check Zammad version: if running v5.1.0 exactly, you are vulnerable.

Check Version:

zammad version

Verify Fix Applied:

Verify that the Zammad version is v5.1.1 or later and test that password length restrictions are enforced.

📡 Detection & Monitoring

Log Indicators:

  • Authentication failures with unusually long password fields
  • Increased authentication processing time
  • Authentication service errors or timeouts

Network Indicators:

  • Multiple authentication requests with large payload sizes
  • Authentication endpoint response time degradation

SIEM Query:

source="zammad" (auth_failure OR login_failed) AND password_length>1000
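The log and network indicators listed above can be turned into a concrete check. The following Ruby script is an added example, not tooling from Zammad or any vendor: the log format is constructed for the demonstration (one line per request, with a request_length field modelled on the nginx variable of the same name), the /auth/login path is taken from the workaround above and should be adjusted to your deployment, and the size and burst thresholds are assumptions.

```ruby
require 'time'

# Added example (not Zammad's code). Flags two of the page's indicators:
# login requests with an oversized body, and bursts of login requests
# from one source address.
LOGIN_PATH          = '/auth/login'  # path from the page's workaround; adjust to your deployment
LARGE_REQUEST_BYTES = 4096           # assumed: a normal login POST is a few hundred bytes
BURST_COUNT         = 3              # assumed: this many login requests from one IP ...
BURST_WINDOW_SEC    = 60             # ... within this many seconds is flagged

# Constructed line format: "<iso8601> <ip> <METHOD> <path> <status> request_length=<bytes>"
LINE_RE = /\A(?<ts>\S+) (?<ip>\S+) (?<method>[A-Z]+) (?<path>\S+) (?<status>\d{3}) request_length=(?<len>\d+)\z/

# Parses one line into a hash, or returns nil for lines that do not match.
def parse_line(line)
  m = LINE_RE.match(line.strip)
  return nil unless m
  { ts: Time.iso8601(m[:ts]), ip: m[:ip], method: m[:method],
    path: m[:path], status: m[:status].to_i, len: m[:len].to_i }
end

def login_request?(event)
  event[:method] == 'POST' && event[:path] == LOGIN_PATH
end

# Returns an array of alert hashes; an empty array means nothing was flagged.
def detect(lines)
  events = lines.map { |l| parse_line(l) }.compact.select { |e| login_request?(e) }
  alerts = []

  # Indicator 1: a single login request whose body is far larger than a
  # credential pair should ever be.
  events.each do |e|
    next unless e[:len] > LARGE_REQUEST_BYTES
    alerts << { type: :oversized_login, ip: e[:ip], bytes: e[:len], at: e[:ts] }
  end

  # Indicator 2: BURST_COUNT login requests from one IP inside BURST_WINDOW_SEC
  # (sliding window over the sorted timestamps; one alert per IP).
  events.group_by { |e| e[:ip] }.each do |ip, evs|
    times = evs.map { |e| e[:ts] }.sort
    times.each_cons(BURST_COUNT) do |window|
      next unless window.last - window.first <= BURST_WINDOW_SEC
      alerts << { type: :login_burst, ip: ip, count: BURST_COUNT, window_sec: BURST_WINDOW_SEC }
      break
    end
  end
  alerts
end

# Constructed sample log: one normal user and one source sending very large
# login bodies in quick succession. Addresses are documentation ranges.
SAMPLE_LOG = <<~LOG
  2024-05-01T10:00:00Z 198.51.100.7 POST /auth/login 200 request_length=512
  2024-05-01T10:00:05Z 203.0.113.9 POST /auth/login 401 request_length=250000
  2024-05-01T10:00:06Z 203.0.113.9 POST /auth/login 401 request_length=251000
  2024-05-01T10:00:09Z 203.0.113.9 GET /api/v1/users 200 request_length=300
  2024-05-01T10:00:10Z 203.0.113.9 POST /auth/login 401 request_length=252000
  2024-05-01T10:30:00Z 198.51.100.7 POST /auth/login 200 request_length=530
LOG

if __FILE__ == $PROGRAM_NAME
  detect(SAMPLE_LOG.lines).each { |a| puts a.inspect }
end
```

Run against the embedded sample it reports three oversized-login alerts and one burst alert, all for 203.0.113.9; the GET on another path and the two normal logins are ignored. Feed it real access logs by replacing SAMPLE_LOG with the file contents and adjusting LINE_RE to your server's log format.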
