Lucene search
PRIOn knowledge basePRION:CVE-2020-7378HistoryNov 24, 2020 - 5:15 p.m.
Design/Logic Flaw
2020-11-2417:15:00
PRIOn knowledge base
www.prio-n.com
5
CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in version 5.0-20200904, released September 4, 2020.
| CPE | Name | Operator | Version |
|---|---|---|---|
| opencrx | le | 4.3.0 | |
| opencrx | eq | 5.0 20200714 | |
| opencrx | eq | 5.0 20200715 | |
| opencrx | eq | 5.0 20200717 | |
| opencrx | eq | 5.0.0 |
Related
cve
cve
CVE-2020-7378
2020-11-24 17:15:11
cvelist
cvelist
CVE-2020-7378 CRIXP OpenCRX Unverified Password Change
2020-11-24 00:00:00
githubexploit
githubexploit
Exploit for Improper Authentication in Opencrx
2021-07-06 00:36:18
nvd
nvd
CVE-2020-7378
2020-11-24 17:15:11
osv
osv
CVE-2020-7378
2020-11-24 17:15:11
rapid7blog
rapid7blog
CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)
2020-11-24 14:39:31