Description
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409.
References (3)
Exploit, mailing-list, x_refsource_fulldisc: http://seclists.org/fulldisclosure/2014/Sep/71
Exploit, exploit, x_refsource_exploit-db: http://www.exploit-db.com/exploits/34718
Exploit, x_refsource_misc: http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html
Scores
EPSS: 0.0488
EPSS Percentile: 89.6%
Details
CWE: CWE-255
Status: published
Products (1): mmonit/m\/monit < 3.3.2
Published: Oct 06, 2014
Tracked Since: Feb 18, 2026