Computer Security
[EN] no-pyccku

Cisco Unified MeetingPlace password reset
SecurityVulns ID:14605
Threat Level:
Description:It's possible to change password without entering previous one and session validation.
Affected:CISCO : Unified MeetingPlace Web Conferencing 8.6
CVE:CVE-2015-4262 (The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839.)
Files: Cisco Security Advisory Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod