Multiple Consona Products Password Reset Security Bypass Vulnerability
BID:40003
Info
| Bugtraq ID: | 40003 |
| Class: | Access Validation Error |
| CVE: | CVE-2010-1910 |
| Remote: | Yes |
| Local: | No |
| Published: | May 07 2010 12:00AM |
| Updated: | Apr 13 2015 09:02PM |
| Credit: | Consona |
| Vulnerable: | Consona Consona Subscriber Assistance 0; Consona Consona Live Assistance 0; Consona Consona Dynamic Agent 0 |
| Not Vulnerable: | |
Discussion
Multiple Consona (formerly SupportSoft) products are prone to a security-bypass vulnerability because they fail to adequately restrict access to the password-reset feature.
An attacker can exploit this issue to reset user passwords.
The following are vulnerable:
- Consona Live Assistance
- Consona Dynamic Agent
- Consona Subscriber Assistance
Exploit / POC
Attackers can exploit this issue via a browser.
Solution / Fix
Solution:
The vendor has released updates. Please see the references for details.
References
References:
- Consona Homepage (Consona)
- SecurityBulletin_April2010.pdf (Consona)