vulnerability

CVE-2020-7378: OpenCRX Unverified Password Change

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:N/C:P/I:P/A:N)	Nov 24, 2020	Nov 24, 2020	Jan 12, 2023

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

Nov 24, 2020

Added

Nov 24, 2020

Modified

Jan 12, 2023

Description

CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in version 5.0-20200904, released September 4, 2020.

Solution

opencrx-upgrade-5_0_20200904

References

CVE-2020-7378
https://attackerkb.com/topics/CVE-2020-7378

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today