CVE-2018-0696
HIGH
OpenAM 13.0 - 13.0.0-120 - Authenticated Weak Password Recovery Mechanism
Title source: llmDescription
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.
References (3)
http://jvn.jp/en/jp/JVN49995005/index.html (Third Party Advisory; x_refsource_jvn)
https://www.cs.themistruct.com/report/wam20181012 (Third Party Advisory, Permissions Required; x_refsource_misc)
https://www.osstech.co.jp/support/am2018-4-1-en (Third Party Advisory; x_refsource_misc)
Scores
CVSS v3.0 base score: 7.5 (HIGH)
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
EPSS: 0.0106
EPSS Percentile: 59.9%
Details
CWE
CWE-640 (Weak Password Recovery Mechanism for Forgotten Password)
Status
published
Products (1)
osstech/openam
13.0 - 13.0.0-120
Published
Feb 13, 2019
Tracked Since
Feb 18, 2026