CVE-2015-8267
NONE EPSS 81.8%
Published Dec 24, 201510y ago · Modified Jun 17, 20262w ago
Published Dec 24, 2015 10y ago
Last Modified Jun 17, 2026 2w ago
Description
The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username.
Threat Intelligence
EPSS Exploit Probability
81.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-264
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| dovestones | ad_self_password_reset | * | ≤3.0.3.0 |
References 3
- dovestones.com http://www.dovestones.com/security-vulnerability-in-ad-self-password-reset-v3-0-3-0/
- securityfocus.com http://www.securityfocus.com/bid/79642
- kb.cert.org https://www.kb.cert.org/vuls/id/757840
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.