CVE-2020-14016
First published: Wed Jun 24 2020(Updated: )
An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message when the provided username or email address does not match a user in the system. This can be used to enumerate users.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Naviwebs Navigate CMS | =2.9-r1433 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-14016?
CVE-2020-14016 is a vulnerability discovered in Navigate CMS 2.9 r1433.
How does the forgot-password feature in Navigate CMS work?
The forgot-password feature in Navigate CMS allows users to reset their passwords by using either their username or the email address associated with their account.
What happens if the provided username or email address is not found in the forgot-password feature?
If the provided username or email address is not found in the forgot-password feature, the feature returns a 'not_found' message.
What is the severity rating of CVE-2020-14016?
CVE-2020-14016 has a severity rating of 'medium' with a score of 5.3.
How can I fix the vulnerability in Navigate CMS 2.9 r1433?
To fix the vulnerability in Navigate CMS 2.9 r1433, it is recommended to update to a newer version or apply any available patches provided by the vendor.
- collector/nvd-index
- vendor/naviwebs
- canonical/naviwebs navigate cms
- version/naviwebs navigate cms/2.9-r1433