CVE-2020-7378

Published: 24/11/2020 Updated: 07/12/2020
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 571
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in version 5.0-20200904, released September 4, 2020.

Vulnerable Product

opencrx opencrx

opencrx opencrx 5.0

opencrx opencrx 5.0.0

Github Repositories

Exploits Password Reset Vulnerability in OpenCRX, CVE-2020-7378. Also maintains Stealth by deleting all the password reset mails created by the script

openCRX-CVE-2020-7378 (Unauthenticated Account Take Over): Exploits Password Reset Vulnerability in OpenCRX, CVE-2020-7378. A Stealthy Python Implementation for CVE-2020-7378. Exploit is because, the developers used Random Class from java.util.Random to generate random tokens in order to reset a user's password. Instead they should be using the SecureRandom Class from java.security.S

My OSWE Pre-preparation (i.e. before actually buying the course) phase plan and notes!

Notes/Plan for my own personal reference! OSWE/AWAE Pre-Preparation Plan and Notes. Started: 16-09-2022 Expected: ?? Donno ?? [bcz of college Assignments/ Exams/ Projects College Sucks] Oct to Dec: Got Distracted with bug-bounties + Co