First published: Thu Dec 20 2018(Updated: )
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Artica Integria IMS | <=5.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-1000812 refers to a Weak Password Recovery Mechanism for Forgotten Password vulnerability found in Artica Integria IMS version 5.0 MR56 Package 58, and likely earlier versions.
The severity of CVE-2018-1000812 is rated as high with a CVSS severity score of 8.1.
CVE-2018-1000812 allows attackers to take over user accounts in Artica Integria IMS web application.
Yes, a fix is available. Users should update to a version of Artica Integria IMS that is not affected by the vulnerability.
You can find more information about CVE-2018-1000812 on the following references: [Link 1](https://cp270.wordpress.com/2018/05/14/war-story-password-resets/), [Link 2](https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047), [Link 3](https://github.com/fleetcaptain/integria-takeover).