The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x prior to 2.3.2.110 allows remote malicious users to reset arbitrary passwords by providing the e-mail address associated with a user account.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
symantec liveupdate administrator 2.1.3 |
||
symantec liveupdate administrator 2.2.2 |
||
symantec liveupdate administrator |
||
symantec liveupdate administrator 2.1.0 |
||
symantec liveupdate administrator 2.2.2.9 |
||
symantec liveupdate administrator 2.3.0 |
||
symantec liveupdate administrator 2.3.1 |
||
symantec liveupdate administrator 2.1.2 |
||
symantec liveupdate administrator 2.2.1 |