3 matches found
CVE-2015-8267
The vulnerability CVE-2015-8267 affects Dovestones AD Self Password Reset prior to 3.0.4.0, where PasswordReset.Controllers.ResetController.ChangePasswordIndex() in PasswordReset.dll fails to properly validate the requesting user. An unauthenticated, remote attacker can reset arbitrary passwords ...
KLA10726 Security bypass vulnerability in Dovetones AD Self Password Reset
An unspecified vulnerability was found in Dovestones AD Self Password Reset. By exploiting this vulnerability malicious users can reset arbitrary passwords. This vulnerability can be exploited remotely via a specially designed request. Technical details This vulnerability related to...
Dovestones Software AD Self Password Reset fails to properly restrict password reset request to authorized users
Overview Dovestones Software AD Self Password Reset, version 3.0.3.0 and earlier, fails to properly validate users, which enables an unauthenticated attacker to reset passwords for arbitrary accounts. Description CWE-284: Improper Access Control - CVE-2015-8267Dovestones Software AD Self Password...