Published: 13/12/2021 Updated: 02/08/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

An issue exists in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an malicious user to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account.

Vulnerable Product	Search on Vulmon	Subscribe to Product
reprisesoftware reprise license manager

Reprise License Manager version 142 suffers from a missing authentication vulnerability that allows for password changing of any existing user ...

Full Disclosure mailing list archives   By Date By Thread </form>    (Reprise License Manager) RLM 142 - Unauthenticated Password Change  <!--X-Head-of-Message ...

CWE-306 https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes http://packetstormsecurity.com/files/165186/Reprise-License-Manager-14.2-Unauthenticated-Password-Change.html https://www.reprisesoftware.com/RELEASE_NOTES https://nvd.nist.gov https://packetstormsecurity.com/files/165186/Reprise-License-Manager-14.2-Unauthenticated-Password-Change.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-44152

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect