PT-2018-9600 · Vesta · Vestacp
Publicado
2018-12-20
·
Atualizado
2020-08-24
·
CVE-2018-1000884
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Vesta CP versions prior to 0.9.8-18
Description:
The issue is related to a timing discrepancy in the password reset code, located in the web/reset/index.php file, line 51. This can potentially allow an attacker to determine password reset codes and change the administrator's password. The attack is exploitable via unauthenticated network connectivity.
Recommendations:
For versions prior to 0.9.8-18, update to version 0.9.8-19 or later to resolve the issue. As a temporary workaround, consider restricting access to the password reset functionality until the update is applied.
Correção
Side Channel Attack
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Vestacp