Lucene search
GoogleOSV:CVE-2018-16988HistoryMay 02, 2019 - 8:29 p.m.
CVE-2018-16988
2019-05-0220:29:00
Google
osv.dev
3
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes.
| CPE | Name | Operator | Version |
|---|---|---|---|
| xdmod | eq | 6.6.0-beta.3 | |
| xdmod | eq | 6.6.0 | |
| xdmod | eq | 6.5.0 | |
| xdmod | eq | 7.0.0 | |
| xdmod | eq | 7.0.1 | |
| xdmod | eq | 6.6.0-beta.2 | |
| xdmod | eq | 6.6.0-beta.1 |
Related
cvelist
cvelist
CVE-2018-16988
2019-05-02 19:38:07
nvd
nvd
CVE-2018-16988
2019-05-02 20:29:00
prion
prion
Authentication flaw
2019-05-02 20:29:00
cve
cve
CVE-2018-16988
2019-05-02 20:29:00