Дата обнаружения
|
23/12/2015 |
Уровень угрозы
|
Critical |
Описание
|
An unspecified vulnerability was found in Dovestones AD Self Password Reset. By exploiting this vulnerability malicious users can reset arbitrary passwords. This vulnerability can be exploited remotely via a specially designed request. Technical details This vulnerability related to PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll and can be triggered by attacker with valid username only. |
Пораженные продукты
|
Dovestones AD Self Password Reset versions earlier than 3.0.4.0 |
Решение
|
Update to the latest version |
Первичный источник обнаружения
|
Dovestones advisory |
Оказываемое влияние
?
|
SB
[?]
|
Связанные продукты
|
Dovestones AD Self Password Reset |
CVE-IDS
|
|
Узнай статистику распространения уязвимостей в твоем регионе |