CVE-2020-7962
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is possible because, within the HTTP response content, WRONG ID is only returned when the answer is incorrect.
Se detectó un problema en One Identity Password Manager versión 5.8. Un atacante podría enumerar respuestas válidas para un usuario. Es posible para un atacante detectar una respuesta válida basada en el contenido de la respuesta HTTP y reutilizar esta respuesta más tarde para restablecer la contraseña de una contraseña elegida. La enumeración es posible porque, dentro del contenido de la respuesta HTTP, un WRONG ID es solo devuelto cuando la respuesta es incorrecta
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-24 CVE Reserved
- 2020-11-13 CVE Published
- 2023-07-30 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-203: Observable Discrepancy
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://cxsecurity.com/issue/WLB-2020050185 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oneidentity Search vendor "Oneidentity" | Password Manager Search vendor "Oneidentity" for product "Password Manager" | 5.8 Search vendor "Oneidentity" for product "Password Manager" and version "5.8" | - |
Affected
| ||||||