KLA10726
Security bypass vulnerability in Dovestones AD Self Password Reset
Updated: 06/01/2019
Detect date
12/23/2015
Severity
Critical
Description

An unspecified vulnerability was found in Dovestones AD Self Password Reset. By exploiting this vulnerability, malicious users can reset arbitrary passwords. The vulnerability can be exploited remotely via a specially crafted request.


Technical details

This vulnerability is related to the PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll and can be triggered by an attacker who has only a valid username.

Affected products

Dovestones AD Self Password Reset versions earlier than 3.0.4.0

Solution

Update to the latest version
Dovestones products download page

Original advisories

Dovestones advisory

Impacts
SB 
CVE-IDS
CVE-2015-8267: 7.5 (Critical)