CVE-2018-16529
First published: Thu Mar 28 2019(Updated: )
A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password.
Credit: psirt@forcepoint.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Forcepoint Email Security | >=8.5.0<=8.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-16529?
The severity of CVE-2018-16529 is critical, with a severity value of 9.8.
What is affected by CVE-2018-16529?
Forcepoint Email Security 8.5.x versions between 8.5.0 and 8.5.3 are affected by CVE-2018-16529.
What is the CWE ID for CVE-2018-16529?
The CWE ID for CVE-2018-16529 is 640.
What is the vulnerability description of CVE-2018-16529?
CVE-2018-16529 is a password reset vulnerability in Forcepoint Email Security 8.5.x where the reset URL remains functional after expiration or previous use.
How can I find more information about CVE-2018-16529?
You can find more information about CVE-2018-16529 on the [Forcepoint support page](https://help.forcepoint.com/security/CVE/CVE-2018-16529.html) and [seclists.org](https://seclists.org/fulldisclosure/2018/Nov/23).
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/forcepoint
- canonical/forcepoint email security
- version/forcepoint email security/8.5.0
- version/forcepoint email security/8.5.3