Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-16988

Опубликовано: 02 мая 2019
Источник: nvd
CVSS3: 9.8
CVSS2: 5
EPSS Низкий

Описание

An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:xdmod:open_xdmod:*:*:*:*:*:*:*:*
Версия до 7.0.1 (включая)
cpe:2.3:a:xdmod:open_xdmod:7.5.0:-:*:*:*:*:*:*
cpe:2.3:a:xdmod:open_xdmod:7.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:xdmod:open_xdmod:7.5.0:rc2:*:*:*:*:*:*

EPSS

Процентиль: 53%
0.00305
Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-640

Связанные уязвимости

github логотип

GHSA-42xw-2v8p-rrf7

CVSS3: 9.8
github
больше 3 лет назад

An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes.

EPSS

Процентиль: 53%
0.00305
Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-640