The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: symantec
Published: 2014-03-29T01:00:00
Updated: 2014-03-29T01:57:00
Reserved: 2014-01-23T00:00:00
Link: CVE-2014-1644
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-03-29T01:55:07.093
Modified: 2014-03-31T16:40:14.277
Link: CVE-2014-1644
JSON object: View
Redhat Information
No data.
CWE