Vulnerability Description
The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eucalyptus | Eucalyptus | 2.0.0 |
Related Weaknesses (CWE)
References
- http://open.eucalyptus.com/wiki/esa-01
- http://secunia.com/advisories/42632Vendor Advisory
- http://secunia.com/advisories/42666Vendor Advisory
- http://www.securityfocus.com/bid/45462
- http://www.ubuntu.com/usn/USN-1033-1
- http://www.vupen.com/english/advisories/2010/3259Vendor Advisory
- http://www.vupen.com/english/advisories/2010/3260Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64167
- http://open.eucalyptus.com/wiki/esa-01
- http://secunia.com/advisories/42632Vendor Advisory
- http://secunia.com/advisories/42666Vendor Advisory
- http://www.securityfocus.com/bid/45462
- http://www.ubuntu.com/usn/USN-1033-1
- http://www.vupen.com/english/advisories/2010/3259Vendor Advisory
- http://www.vupen.com/english/advisories/2010/3260Vendor Advisory
FAQ
What is CVE-2010-3905?
CVE-2010-3905 is a vulnerability with a CVSS score of 7.5 (HIGH). The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset req...
How severe is CVE-2010-3905?
CVE-2010-3905 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3905?
Check the references section above for vendor advisories and patch information. Affected products include: Eucalyptus Eucalyptus.