CVE-2006-1620
The affected component is Hosting Controller 2002 RC1 (admin/accounts/AccountActions.asp). The vulnerability allows remote attackers to modify passwords for other users by abusing the Update User ActionType with a forged UserName and PassCheck=TRUE. This issue has been observed in 6.1 Hotfix 3.3 ...