CVE-2015-8267

Published: Dec 24, 2015Modified: May 6, 2026

10.0

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 6.0

Source: NVD

Description

The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username.

Affected (1)

Products: Dovestones: Ad Self Password Reset

Dovestones

1 product

Ad Self Password Reset

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dovestones Ad Self Password Reset	Up to 3.0.3.0

Related CWEs

CWE-264

References (6)

http://www.dovestones.com/security-vulnerability-in-ad-self-password-reset-v3-0-3-0/

Source: cret@cert.org

Vendor Advisory

http://www.securityfocus.com/bid/79642

Source: cret@cert.org

https://www.kb.cert.org/vuls/id/757840

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

http://www.dovestones.com/security-vulnerability-in-ad-self-password-reset-v3-0-3-0/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/79642

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.kb.cert.org/vuls/id/757840

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.