admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote malicious users to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and previous versions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hosting controller hosting controller 2002_rc_1 |
||
hosting controller hosting controller |