PT-2016-3597 · Edx · Edx-Platform
Publicado
2016-03-19
·
Atualizado
2016-03-22
·
CVE-2015-2286
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
edx-platform versions prior to 2015-01-29
Description
The issue concerns a problem with the password-reset page, where links are not properly restricted. This allows attackers to discover password-reset tokens by reading a referer log after a victim navigates from the password-reset page to a social-sharing site.
Recommendations
For versions prior to 2015-01-29, update to a version released after 2015-01-29 to resolve the issue.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Edx-Platform