Description
An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass.
References
https://www.whiteoaksecurity.com/blog/centrestack-disclosure/
ExploitVendor Advisory
https://www.whiteoaksecurity.com/blog/centrestack-disclosure/
ExploitVendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 · Critical
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Modified
Published
2023-03-31T16:15:07.457
2 years agoLast modified
2025-02-18T17:15:15.977
4 months ago