CVE-2018-0696

Published: Feb 13, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.

Affected (1)

Products: Osstech: Openam

Osstech

1 product

Openam

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Osstech Openam	From 13.0 to 13.0.0-120

Related CWEs

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References (6)

http://jvn.jp/en/jp/JVN49995005/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.cs.themistruct.com/report/wam20181012

Source: vultures@jpcert.or.jp

Permissions RequiredThird Party Advisory

https://www.osstech.co.jp/support/am2018-4-1-en

Source: vultures@jpcert.or.jp

Third Party Advisory

http://jvn.jp/en/jp/JVN49995005/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.cs.themistruct.com/report/wam20181012

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://www.osstech.co.jp/support/am2018-4-1-en

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.