CVE-2006-1620

Name of the Vulnerable Software and Affected Versions: Hosting Controller versions prior to 6.1 Hotfix 3.3

Description: The issue allows remote attackers to modify passwords of other users. This is likely achieved by utilizing an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE, targeting the "/admin/accounts/AccountActions.asp" endpoint.

Recommendations: For versions prior to 6.1 Hotfix 3.3, update to a version later than 6.1 Hotfix 3.3 to resolve the issue. As a temporary workaround, consider restricting access to the "/admin/accounts/AccountActions.asp" endpoint to minimize the risk of exploitation. Avoid using the PassCheck parameter set to TRUE in the affected endpoint until the issue is resolved.