Main Vulnerability Database Vulnerabilities #VU61476

Weak password requirements in Admidio - #VU61476

Published: March 20, 2022

Vulnerability identifier: #VU61476

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-521

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Admidio

Software vendor:
Admidio

Description

The vulnerability allows an attacker to compromise the affected account.

The vulnerability exists due to an error in the password change functionality, which did not reset all user's session after password change. An attacker who compromised user's session can retain access to the victim's account even after password change.

Remediation

Install updates from vendor's website.

External links

https://github.com/Admidio/admidio/releases/tag/v4.1.9

Weak password requirements in Admidio - #VU61476

Description

Remediation

External links

Please verify you're human