CVE-2018-16529
Summary
| CVE | CVE-2018-16529 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-03-28 17:29:00 UTC |
| Updated | 2022-04-22 19:24:00 UTC |
| Description | A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password. |
Risk And Classification
Problem Types: CWE-640
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Forcepoint | Email Security | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: Security issue in the password reset mechanism of Forcepoint Secure Messaging product (tested in version 8.5) | MISC | seclists.org | Exploit, Mailing List, Third Party Advisory |
| Security Advisory: Email Security Password Reset Link Expiration Vulnerability (CVE-2018-16529) | CONFIRM | help.forcepoint.com | |
| KB Article | Forcepoint Support | CONFIRM | support.forcepoint.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.