CVE-2014-6607
First published: Mon Oct 06 2014(Updated: )
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mmonit M\/monit | <=3.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/mmonit
- canonical/mmonit m\/monit
- version/mmonit m\/monit/3.3.2