Xdmod

xdmod

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Open Xdmod

open_xdmod

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-16988 1Xdmod 1Open Xdmod Nov 21, 2024 May 2, 2019 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in t...Show more An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2018-16988

1Xdmod

1Open Xdmod

Nov 21, 2024

May 2, 2019

N/A· v4

9.8 CRITICAL· v3

5.0 MEDIUM· v2

An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes.Show less