Unverified Password Change Vulnerability in ProMinent MultiFLEX M10a Controller Web Interface

CVE-2017-14005 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user's password, enabling future access and possible configuration changes.
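
The missing check described above, shown next to a corrected form. This is an added illustration, not code from the ProMinent controller or from this advisory; the in-memory user store, the function names and the sample passwords are all constructed assumptions.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so stored values are not reversible to the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}

# Constructed sample account store (hypothetical, for this example only).
USERS = {"operator": _make_record("old-operator-pw")}

def check_login(user: str, password: str) -> bool:
    rec = USERS.get(user)
    if rec is None:
        return False
    return hmac.compare_digest(_hash(password, rec["salt"]), rec["hash"])

def change_password_unverified(session_user: str, new_password: str) -> bool:
    """Weak pattern: an authenticated session alone is enough to set a
    new password; knowledge of the current password is never proven."""
    if session_user not in USERS:
        return False
    USERS[session_user] = _make_record(new_password)
    return True

def change_password_verified(session_user: str, current_password: str,
                             new_password: str) -> bool:
    """Corrected pattern: re-verify the current password (constant-time
    comparison) before accepting the new one."""
    if not check_login(session_user, current_password):
        return False
    USERS[session_user] = _make_record(new_password)
    return True
```

With the verified form, holding an authenticated session is no longer sufficient to take over the credential; the request also has to carry the current password.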
