CVE-2021-44152
Summary
| CVE | CVE-2021-44152 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-12-13 04:15:00 UTC |
| Updated | 2023-08-02 17:28:00 UTC |
| Description | An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account. |
Risk And Classification
Problem Types: CWE-306
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Reprisesoftware | Reprise License Manager | All | All | All | All |
| Application | Reprisesoftware | Reprise License Manager | 14.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.reprisesoftware.com/RELEASE_NOTES | CONFIRM | www.reprisesoftware.com | |
| License Administration Bundle Downloads: Reprise License Manager - RLM | MISC | reprisesoftware.com | |
| Reprise License Manager 14.2 Unauthenticated Password Change ≈ Packet Storm | MISC | packetstormsecurity.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.