CVE-2010-3905

critical

Description

The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/64167

http://www.vupen.com/english/advisories/2010/3260

http://www.vupen.com/english/advisories/2010/3259

http://www.ubuntu.com/usn/USN-1033-1

http://www.securityfocus.com/bid/45462

http://secunia.com/advisories/42666

http://secunia.com/advisories/42632

http://open.eucalyptus.com/wiki/esa-01

Details

Source: Mitre, NVD

Published: 2010-12-22

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics