CVE-2010-3905
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users.
La característica de borrado de password en la interfaz de administrador para Eucalyptus v2.0.0 y v2.0.1 no realiza la autenticación, lo que permite a atacantes remotos obtener privilegios por envío de peticiones de borrado de password para otros usuarios.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-10-12 CVE Reserved
- 2010-12-16 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://open.eucalyptus.com/wiki/esa-01 | X_refsource_confirm | |
| http://www.securityfocus.com/bid/45462 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64167 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/42632 | 2017-08-17 | |
| http://secunia.com/advisories/42666 | 2017-08-17 | |
| http://www.ubuntu.com/usn/USN-1033-1 | 2017-08-17 | |
| http://www.vupen.com/english/advisories/2010/3259 | 2017-08-17 | |
| http://www.vupen.com/english/advisories/2010/3260 | 2017-08-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Eucalyptus Search vendor "Eucalyptus" | Eucalyptus Search vendor "Eucalyptus" for product "Eucalyptus" | 2.0.0 Search vendor "Eucalyptus" for product "Eucalyptus" and version "2.0.0" | - |
Affected
| ||||||
| Eucalyptus Search vendor "Eucalyptus" | Eucalyptus Search vendor "Eucalyptus" for product "Eucalyptus" | 2.0.1 Search vendor "Eucalyptus" for product "Eucalyptus" and version "2.0.1" | - |
Affected
| ||||||