PT-2020-16173 · Alfresco · Alfresco Reset Password Add-On

Published

2020-09-17

Updated

2020-09-25

CVE-2020-25728

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Alfresco Reset Password add-on versions prior to 1.2.0

Description The issue involves a broken algorithm in the Reset Password add-on that allows a malicious user to change any user's account password, including the admin account. This is due to an increment-related flaw in the algorithm.

Recommendations For versions prior to 1.2.0, update the Reset Password add-on to version 1.2.0 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-640

Related Identifiers

CVE-2020-25728

Affected Products

Alfresco Reset Password Add-On

PT-2020-16173 · Alfresco · Alfresco Reset Password Add-On

CVE-2020-25728

Weakness Enumeration

Related Identifiers

Affected Products

References · 3