CVE-2020-15906

CVE-2020-15906

EPSS 27.4%

tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/159663/Tiki-Wiki-CMS-Groupware-21.1-Authentication-Bypass.html https://info.tiki.org/article473-Security-Releases-of-all-Tiki-versions-since-16-3