Computer Security
[EN] securityvulns.ru no-pyccku


Cisco Unified MeetingPlace password reset
Published:26.07.2015
Source:
SecurityVulns ID:14605
Type:remote
Threat Level:
6/10
Description:It's possible to change password without entering previous one and session validation.
Affected:CISCO : Unified MeetingPlace Web Conferencing 8.6
CVE:CVE-2015-4262 (The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839.)
Files: Cisco Security Advisory Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod