Arbitrary User Password Reset Vulnerability in vTiger 6.0

Arbitrary User Password Reset Vulnerability in vTiger 6.0

CVE-2014-2269 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:P

modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters.

Learn more about our User Device Pen Test.