CVE-2020-26061

ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questions. An unauthenticated, remote attacker can send a crafted HTTP request to the /account/ResetPassword page to set a new password for any registered user.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/missing0x00/CVE-2020-26061	Exploit Third Party Advisory
https://www.clickstudios.com.au/passwordstate-changelog.aspx	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:clickstudios:passwordstate:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-10-05 14:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-26061

Mitre link : CVE-2020-26061

CVE.ORG link : CVE-2020-26061

JSON object : View

Products Affected

clickstudios

passwordstate

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2020-26061", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-10-05T14:15:13.297", "references": [{"url": "https://github.com/missing0x00/CVE-2020-26061", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.clickstudios.com.au/passwordstate-changelog.aspx", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questions. An unauthenticated, remote attacker can send a crafted HTTP request to the /account/ResetPassword page to set a new password for any registered user."}, {"lang": "es", "value": "ClickStudios Passwordstate Password Reset Portal anteriores al build 8501, est\u00e1 afectado por una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. La funci\u00f3n ResetPassword no comprueba si el usuario se ha autenticado con \u00e9xito usando preguntas de seguridad. Un atacante remoto no autenticado puede enviar una petici\u00f3n HTTP dise\u00f1ada hacia la p\u00e1gina /account/ResetPassword para establecer una nueva contrase\u00f1a para cualquier usuario registrado"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:clickstudios:passwordstate:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83774FFC-A77F-4179-A0AD-9624340DEADD", "versionEndExcluding": "8.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}