CVE-2010-1910
Consona Live Assistance, Dynamic Agent, and Subscriber Assistance - Improper Authentication via Blank Hint Fields
Title source: llmDescription
The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields.
References (6)
Core 6
Core References
Patch, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/602801
Various Sources x_refsource_misc
http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511176/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/40003
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39740
Patch, Vendor Advisory x_refsource_confirm
http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf
Scores
EPSS
0.0246
EPSS Percentile
82.5%
Details
CWE
CWE-287
Status
published
Products (3)
consona/consona_dynamic_agent
(3 CPE variants)
consona/consona_live_assistance
consona/consona_subscriber_assistance
Published
May 12, 2010
Tracked Since
Feb 18, 2026