Weak Password Recovery Mechanism for Forgotten Password in Navigate CMS

#VU34196 Weak Password Recovery Mechanism for Forgotten Password in Navigate CMS

Published: 2020-06-24 | Updated: 2020-08-08

Vulnerability identifier: #VU34196

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14016

CWE-ID: CWE-640

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Navigate CMS
Web applications / CMS

Vendor: Naviwebs

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message when the provided username or email address does not match a user in the system. This can be used to enumerate users.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Navigate CMS: 2.9

External links
http://blog.sean-wright.com/navigate-cms/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Naviwebs Navigate CMS