CVE-2020-25728

HIGH

Alfresco Reset Password < 1.2.0 - Password Reset Weakness

Title source: rule

Description

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.

References (1)

[Exploit, Vendor Advisory] https://amriunix.com/post/alfresco-reset-password-add-on-0-day-vulnerabilities/

Scores

CVSS v3 8.8

EPSS 0.0035

EPSS Percentile 57.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-640

Status published

Products (1)

alfresco/reset_password < 1.2.0

Published Sep 17, 2020

Tracked Since Feb 18, 2026