CVE-2015-8267

NONE EPSS 81.8%
Published Dec 24, 201510y ago · Modified Jun 17, 20262w ago
Find Similar
Published Dec 24, 2015 10y ago
Last Modified Jun 17, 2026 2w ago

Description

The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username.

Threat Intelligence

EPSS Exploit Probability
81.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-264

Affected Products 1

VendorProductVersionRange
dovestonesad_self_password_reset* ≤3.0.3.0

References 3

  • dovestones.com http://www.dovestones.com/security-vulnerability-in-ad-self-password-reset-v3-0-3-0/
    Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/79642
  • kb.cert.org https://www.kb.cert.org/vuls/id/757840
    Third Party AdvisoryUS Government Resource

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.