CVE-2010-3905

Eucalyptus 2.0.0-2.0.1 - Unauthenticated Privilege Escalation via Password Reset Feature


Description

The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users.

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45462
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1033-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64167
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42666
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3260
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42632
Third Party Advisory x_refsource_confirm
http://open.eucalyptus.com/wiki/esa-01
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3259

Scores

EPSS 0.0286
EPSS Percentile 85.0%

Details

CWE CWE-287
Status published
Products (2)
eucalyptus/eucalyptus 2.0.0
eucalyptus/eucalyptus 2.0.1
Published Dec 22, 2010
Tracked Since Feb 18, 2026