CyberSec.Space Logo
Back to CVE Browser

CVE-2020-25728

HIGH
8.8
CVSS Severity Score
EPSS Score0.0640%
EPSS Percentile3.79th
PublishedSep 17, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.

Affected Platforms (CPE)

📦
Alfresco

Reset Password

< 1.2.0

References & Advisories

🔗 https://amriunix.com/post/alfresco-reset-password-add-on-0-day-vulnerabilities/
🔗 https://amriunix.com/post/alfresco-reset-password-add-on-0-day-vulnerabilities/

Related Vulnerabilities

CVE-2000-089410.0

HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets ...

CVE-2003-049410.0

password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by v...

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

CVE-2004-176910.0

The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows rem...