KLA10726
Security bypass vulnerability in Dovetones AD Self Password Reset

Updated: 06/03/2020

Detect date ?	12/23/2015
Severity ?	Critical
Description	An unspecified vulnerability was found in Dovestones AD Self Password Reset. By exploiting this vulnerability malicious users can reset arbitrary passwords. This vulnerability can be exploited remotely via a specially designed request. Technical details This vulnerability related to PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll and can be triggered by attacker with valid username only.
Affected products	Dovestones AD Self Password Reset versions earlier than 3.0.4.0
Solution	Update to the latest version Dovestones products download page
Original advisories	Dovestones advisory
Impacts ?	SB [?]
Related products	Dovestones AD Self Password Reset
CVE-IDS ?	CVE-2015-82677.5Critical
	Find out the statistics of the vulnerabilities spreading in your region

KLA10726Security bypass vulnerability in Dovetones AD Self Password Reset