CVE-2020-25728

High

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change…

mitre·CWE-640·Published 2020-09-17

CVSS

8.8

EPSS

0.01

KEV

Exploits

cve.orgen

193 chars

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.

NVDen

193 chars

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.

El add-on Reset Password versiones anteriores a 1.2.0 para Alfresco, presenta un algoritmo roto (que implica un incremento) que permite a un usuario malicioso cambiar la contraseña de la cuenta de cualquier usuario, incluyendo la cuenta de administrador

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.5	8.0	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H