The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users.
References
Link | Resource |
---|---|
http://open.eucalyptus.com/wiki/esa-01 | |
http://secunia.com/advisories/42632 | Vendor Advisory |
http://secunia.com/advisories/42666 | Vendor Advisory |
http://www.securityfocus.com/bid/45462 | |
http://www.ubuntu.com/usn/USN-1033-1 | |
http://www.vupen.com/english/advisories/2010/3259 | Vendor Advisory |
http://www.vupen.com/english/advisories/2010/3260 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/64167 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: canonical
Published: 2010-12-22T20:00:00
Updated: 2017-08-16T14:57:01
Reserved: 2010-10-12T00:00:00
Link: CVE-2010-3905
JSON object: View
NVD Information
Status : Modified
Published: 2010-12-22T21:00:15.957
Modified: 2017-08-17T01:33:04.477
Link: CVE-2010-3905
JSON object: View
Redhat Information
No data.
CWE