PT-2015-2914 · Lepide · Lepide Active Directory Self Service

Alain Homewood

Publicado

2015-12-08

Atualizado

2016-11-28

CVE-2015-8570

CVSS v2.0

7.4

Alta

Vetor

AV:A/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Lepide Active Directory Self Service (affected versions not specified)

Description The issue is related to errors in the implementation of the password reset functionality in Lepide Active Directory Self Service. This allows remote authenticated users to change arbitrary domain user passwords via a crafted request. The exploitation of this issue may enable an attacker to modify passwords of arbitrary users using a specially crafted request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

BDU:2016-00011

CVE-2015-8570

ZDI-15-621

Produtos afetados

Lepide Active Directory Self Service

PT-2015-2914 · Lepide · Lepide Active Directory Self Service

CVE-2015-8570

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5