KLA10726
Security bypass vulnerability in Dovetones AD Self Password Reset

Обновлено: 03/06/2020

Дата обнаружения	23/12/2015
Уровень угрозы	Critical
Описание	An unspecified vulnerability was found in Dovestones AD Self Password Reset. By exploiting this vulnerability malicious users can reset arbitrary passwords. This vulnerability can be exploited remotely via a specially designed request. Technical details This vulnerability related to PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll and can be triggered by attacker with valid username only.
Пораженные продукты	Dovestones AD Self Password Reset versions earlier than 3.0.4.0
Решение	Update to the latest version Dovestones products download page
Первичный источник обнаружения	Dovestones advisory
Оказываемое влияние ?	SB [?]
Связанные продукты	Dovestones AD Self Password Reset
CVE-IDS	CVE-2015-82677.5Critical
	Узнай статистику распространения уязвимостей в твоем регионе

KLA10726Security bypass vulnerability in Dovetones AD Self Password Reset