CVE-2010-3905
First published: Wed Dec 22 2010(Updated: )
The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users.
Credit: security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eucalyptus Eucalyptus | =2.0.0 | |
| Eucalyptus Eucalyptus | =2.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/45462
- http://secunia.com/advisories/42666
- http://open.eucalyptus.com/wiki/esa-01
- http://www.vupen.com/english/advisories/2010/3260
- http://www.ubuntu.com/usn/USN-1033-1
- http://www.vupen.com/english/advisories/2010/3259
- http://secunia.com/advisories/42632
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64167
- collector/nvd-historical
- collector/nvd-index
- agent/event
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/eucalyptus
- canonical/eucalyptus eucalyptus
- version/eucalyptus eucalyptus/2.0.0
- version/eucalyptus eucalyptus/2.0.1