PT-2023-20811 · Gladinet · Gladinet Centrestack
Published: 2023-03-31 · Updated: 2023-04-07
CVE-2023-26829
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Gladinet CentreStack versions prior to 13.5.9808
Description
An authentication bypass issue in the Password Reset component allows remote attackers to set a new password for any valid user account without needing the previous known password, resulting in a full authentication bypass.
Recommendations
For versions prior to 13.5.9808, update to version 13.5.9808 or later to resolve the issue. As a temporary workaround, consider disabling the Password Reset component until a patch is available. Restrict access to the Password Reset functionality to minimize the risk of exploitation.
Exploit
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Gladinet Centrestack