CVE-2010-1910

CVE-2010-1910

EPSS 2.5%

The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://secunia.com/advisories/39740 http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf http://www.kb.cert.org/vuls/id/602801 http://www.securityfocus.com/archive/1/511176/100/0/threaded http://www.securityfocus.com/bid/40003