PT-2022-16714 · Starwind · Starwind San/Nas

Published: 2022-02-06 · Updated: 2022-09-01 · CVE-2022-24551

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: StarWind SAN and NAS versions 0.2 build 1633 through 0.2 build 1684

Description: A flaw was found in the password reset endpoint, which does not properly check the current username and the old password. An attacker who holds any valid user account can therefore reset the password of any local user, including system or administrator accounts.

Recommendations: For StarWind SAN and NAS versions 0.2 build 1633 through 0.2 build 1684, update to version 0.2 build 1685 or later to resolve the issue. As a temporary workaround, consider restricting access to the password reset endpoint until the update can be applied.
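The weakness class described above, shown as an added example that is not StarWind's code and not part of the original advisory. The user store, the names `reset_password_vulnerable` and `reset_password_fixed`, the account names and the initial passwords are all constructed for illustration. The vulnerable handler trusts the submitted target username and never checks the old password; the hardened handler binds the reset to the authenticated session user and verifies the old password in constant time before writing the new hash.

```python
import hashlib
import hmac
import os

# PBKDF2 iteration count; kept modest so the demo runs quickly (raise in production).
PBKDF2_ROUNDS = 50_000


class ResetError(Exception):
    """Raised when a password reset request is rejected."""


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def _make_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt)}


def build_demo_store() -> dict:
    """Constructed in-memory user store (hypothetical accounts, not real credentials)."""
    return {
        "administrator": _make_record("admin-initial"),
        "guest": _make_record("guest-initial"),
    }


def verify_password(store: dict, username: str, password: str) -> bool:
    record = store.get(username)
    if record is None:
        return False
    candidate = _hash_password(password, record["salt"])
    # Constant-time comparison so the check does not leak hash prefixes via timing.
    return hmac.compare_digest(candidate, record["hash"])


def reset_password_vulnerable(store: dict, session_user: str, target_user: str,
                              old_password: str, new_password: str) -> None:
    """Mirrors the advisory's flaw: only existence of the target user is checked.

    The authenticated caller (session_user) and old_password are ignored, so any
    logged-in account can overwrite any other account's password.
    """
    if target_user not in store:
        raise ResetError("no such user")
    store[target_user] = _make_record(new_password)


def reset_password_fixed(store: dict, session_user: str, target_user: str,
                         old_password: str, new_password: str) -> None:
    """Hardened handler: the reset is bound to the caller and to the old password."""
    # 1. The target of the reset must be the authenticated user, taken from the
    #    server-side session, never from a client-supplied field alone.
    if session_user != target_user:
        raise ResetError("a user may only reset their own password")
    # 2. The old password must verify against the stored hash.
    if not verify_password(store, target_user, old_password):
        raise ResetError("old password does not match")
    # 3. Only then is the new hash written.
    store[target_user] = _make_record(new_password)


if __name__ == "__main__":
    store = build_demo_store()
    reset_password_vulnerable(store, "guest", "administrator", "", "changed")
    print("vulnerable handler let guest reset administrator:",
          verify_password(store, "administrator", "changed"))

    store = build_demo_store()
    try:
        reset_password_fixed(store, "guest", "administrator", "", "changed")
    except ResetError as exc:
        print("fixed handler rejected the request:", exc)
```

For detection while the workaround is in place, the same binding gives a simple rule: any request to the reset endpoint whose target username differs from the session's authenticated user, or that omits the old-password field, is a signal worth alerting on.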

Fix

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2022-24551

Affected Products: Starwind San/Nas