CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in version 5.0-20200904, released September 4, 2020.
References
Link | Resource |
---|---|
https://blog.rapid7.com/2020/11/24/cve-2020-7378-opencrx-unverified-password-change/ | Exploit Third Party Advisory |
https://blog.rapid7.com/2020/11/24/cve-2020-7378-opencrx-unverified-password-change/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:37
Type | Values Removed | Values Added |
---|---|---|
References | () https://blog.rapid7.com/2020/11/24/cve-2020-7378-opencrx-unverified-password-change/ - Exploit, Third Party Advisory |
Information
Published : 2020-11-24 17:15
Updated : 2024-11-21 05:37
NVD link : CVE-2020-7378
Mitre link : CVE-2020-7378
CVE.ORG link : CVE-2020-7378
JSON object : View
Products Affected
opencrx
- opencrx