Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:CMSMS-PASSWD-RESET |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
CMS Made Simple login.php remote password reset vulnerability |
Release Date |
2018/06/28 |
Update Number |
3078 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: CMS Made Simple login.php remote password reset vulnerability
This signature detects attempts to exploit remote password reset vulnerability in CMS Made Simple. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request of password reset to the target system. Successful exploitation can result in the attacker being able to change the password of vulnerable accounts.
Extended Description
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring.
Affected Products
- Cmsmadesimple cms_made_simple 2.2.7
References
- CVE: CVE-2018-10081