Unrestricted Password Reset Vulnerability in EMC RSA Identity Management and Governance (IMG)

CVE-2015-0532 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account.
