EUVD-2016-2694

Malware in sbrugna...

[NetScaler] Error "KB Questions and Asnwers not registered" with LDAP KBAttribute

In a SSPR nFactor configuration. You may observe error "KB Questions and Asnwers not registered" when login with LDAP password and can't move to the next AAA factor. Triggers are: The LDAP factor has noschema boundInherits username & password from a previous factor. LDAP action has KBAttribute...

Forcing Self-Service Password Reset (SSPR) Registration to Increase ROI

When your organization invests in a new product or service, it is essential that you take advantage of all the features it has to offer. This will help you to maximize your return on investment ROI. If you have purchased or are thinking about purchasing a self-service password reset SSPR tool, on...

CVE-2020-25837

Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset SSPR product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information...

CVE-2020-25837

CVE-2020-25837 affects Micro Focus Self Service Password Reset (SSPR) versions 4.4.0.0–4.4.0.6 and 4.5.0.1–4.5.0.2. In certain configurations, the vulnerability could disclose sensitive information. The provided documents do not specify the exact root cause, exploitation details, affected configu...

CVE-2019-11652

A potential authorization bypass issue was found in Micro Focus Self Service Password Reset SSPR versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset SSPR SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate...

CVE-2019-11652

A potential authorization bypass issue was found in Micro Focus Self Service Password Reset SSPR versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset SSPR SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate...

CVE-2019-11652

CVE-2019-11652 affects Micro Focus Self Service Password Reset (SSPR). A potential authorization bypass vulnerability exists in SSPR versions prior to 4.4.0.3, 4.3.0.6, and 4.2.0.6. The remediation is to upgrade to SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate. The connected RH/CVE an...

Cannot access the url for SSPR: Getting HTTP error 403.14 :Forbidden

Setup for user configuration has been done. Now when I try to access the sspr url; it doesnt go through. Tried on one machineSSPR server and with one user...

Cross site scripting

Cross-site scripting XSS vulnerability in NetIQ Self Service Password Reset SSPR 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2016-1599

The CVE-2016-1599 entry concerns NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2. The vulnerability is a cross-site scripting (XSS) flaw triggered by a crafted URL, allowing remote attackers to inject arbitrary web script or HTML in the user’s browser. The available connecte...

CVE-2010-4506

CVE-2010-4506 concerns Passlogix v-GO Self-Service Password Reset (SSPR) and OEM prior to version 7.0A. The flaw enables physically proximate attackers to run arbitrary programs without authentication by abusing an invalid SSL certificate and using Internet Explorer to navigate the filesystem via...