Vulnerability Details CVE-2019-9768
Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document contains a token.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.401
EPSS Ranking 97.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/152182/Canarytokens-2019-03-01-Detection-Bypass.html
- https://github.com/thinkst/canarytokens/issues/35
- https://www.exploit-db.com/exploits/46589/
- http://packetstormsecurity.com/files/152182/Canarytokens-2019-03-01-Detection-Bypass.html
- https://github.com/thinkst/canarytokens/issues/35
- https://www.exploit-db.com/exploits/46589/
Products affected by CVE-2019-9768
-
cpe:2.3:a:thinkst:canarytokens:-
-
cpe:2.3:a:thinkst:canarytokens:2019-03-01