Main Vulnerability Database Vulnerabilities #VU61476

#VU61476 Weak password requirements in Admidio

Published: March 20, 2022

Vulnerability identifier: #VU61476

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-521

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Admidio

Software vendor:
Admidio

Description

The vulnerability allows an attacker to compromise the affected account.

The vulnerability exists due to an error in the password change functionality, which did not reset all user's session after password change. An attacker who compromised user's session can retain access to the victim's account even after password change.

Remediation

Install updates from vendor's website.

External links

https://github.com/Admidio/admidio/releases/tag/v4.1.9

#VU61476 Weak password requirements in Admidio

Description

Remediation

External links

Please verify you're human