4 matches found
Design/Logic Flaw
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409...
CVE-2014-6409
CVE-2014-6409 is a CSRF vulnerability in M/Monit 3.3.2 and earlier. The issue allows an attacker to hijack administrator sessions and trigger password changes by submitting requests to /admin/users/update with fullname and password parameters. The root cause is lack of sufficient CSRF protection ...
M/Monit 3.2.2 Cross Site Request Forgery Vulnerability
M/Monit versions 3.2.2 and below suffer from multiple cross site request forgery vulnerabilities. Application: M/Monit 3.2.2 Author: Dolev Farhi @dolevff Date: 13.9.2014 Relevant CVEs: CVE-2014-6409, CVE-2014-6607 Vulnerable version: CSRF poc M/monit 3. Mitigation Software vendor confirmed the...
M/Monit 3.2.2 Cross Site Request Forgery
Application: M/Monit 3.2.2 Author: Dolev Farhi @dolevff Date: 13.9.2014 Relevant CVEs: CVE-2014-6409, CVE-2014-6607 Vulnerable version: CSRF poc M/monit 3. Mitigation Software vendor confirmed the issue, and a fix might be released in the future. 4. Time line: 15.9 - Found vulnerabilities 15.9 -...