Описание
StarWind SAN and NAS before 0.2 build 1685 allows users to reset other users' passwords.
StarWind SAN and NAS before 0.2 build 1685 allows users to reset other users' passwords.
Связанные уязвимости
CVSS3: 8.8
nvd
около 4 лет назад
A flaw was found in StarWind Stack. The endpoint for setting a new password doesn’t check the current username and old password. An attacker could reset any local user password (including system/administrator user) using any available user This affects StarWind SAN and NAS v0.2 build 1633.