Security bypass vulnerability in Dovetones AD Self Password Reset

Описание

An unspecified vulnerability was found in Dovestones AD Self Password Reset. By exploiting this vulnerability malicious users can reset arbitrary passwords. This vulnerability can be exploited remotely via a specially designed request.

---

Technical details

This vulnerability related to PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll and can be triggered by attacker with valid username only.

Первичный источник обнаружения

• Dovestones advisory
  

Связанные продукты

• Dovestones-AD-Self-Password-Reset

Список CVE

• CVE-2015-8267
  critical

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com