CVE-2020-26061

HIGH Year: 2020
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-306
View all →

Vulnerability Description

ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questions. An unauthenticated, remote attacker can send a crafted HTTP request to the /account/ResetPassword page to set a new password for any registered user.

Related Vulnerabilities

CVE-2002-1810

HIGH
CVSS:7.5(High)

D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the admin...

CWE-3062002

CVE-2011-4322

HIGH
CVSS:7.5(High)

websitebaker prior to and including 2.8.1 has an authentication error in backup module.

CWE-3062011

CVE-2013-1793

HIGH
CVSS:7.5(High)

openstack-utils openstack-db has insecure password creation

CWE-3062013

CVE-2015-5201

HIGH
CVSS:7.5(High)

VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3....

CWE-3062015

CVE-2016-6544

HIGH
CVSS:7.5(High)

getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device.

CWE-3062016

CVE-2017-0919

HIGH
CVSS:7.5(High)

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform...

CWE-3062017