CVE-2018-1000812

Name of the Vulnerable Software and Affected Versions Artica Integria IMS versions prior to the version released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047

Description The issue is related to a weak password recovery mechanism in the password recovery process. This can result in IntegriaIMS web app user accounts being taken over. The attack appears to be exploitable via network access to the IntegriaIMS web interface. The vulnerable code is located in line 45 of general/password recovery.php.

Recommendations For Artica Integria IMS versions prior to the version released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047, update to a version released after the specified commit to resolve the issue. As a temporary workaround, consider restricting access to the password recovery process until the update is applied.