CVE-2010-3905

Eucalyptus - Authentication Bypass

Title source: rule

Description

The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users.

References (8)

[Vendor Advisory] http://secunia.com/advisories/42632

[Vendor Advisory] http://secunia.com/advisories/42666

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/45462

[Vendor Advisory] http://www.ubuntu.com/usn/USN-1033-1

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/3259

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/3260

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/64167

[Third Party Advisory] http://open.eucalyptus.com/wiki/esa-01

Scores

EPSS 0.0139

EPSS Percentile 80.2%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

eucalyptus/eucalyptus

Timeline

Published Dec 22, 2010

Tracked Since Feb 18, 2026