CVE-2018-9082

2018-09-28T20:29:00
ID CVE-2018-9082
Type cve
Reporter cve@mitre.org
Modified 2019-01-07T19:38:00

Description

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their password and retain access to the user's account