{"vuid":"VU#757840","idnumber":"757840","name":"Dovestones Software AD Self Password Reset fails to properly restrict password reset request to authorized users","keywords":["dovestones","access control"],"overview":"Dovestones Software AD Self Password Reset, version 3.0.3.0 and earlier, fails to properly validate users, which enables an unauthenticated attacker to reset passwords for arbitrary accounts.","clean_desc":"CWE-284: Improper Access Control - CVE-2015-8267 Dovestones Software AD Self Password Reset contains a vulnerable method PasswordReset.Controllers.ResetController.ChangePasswordIndex() in PasswordReset.dll that fails to validate the requesting user. An attacker can reset passwords for arbitrary accounts by manipulating web application requests that call the vulnerable method.","impact":"A remote, unauthenticated attacker can reset passwords for arbitrary accounts where usernames are known or can be guessed.","resolution":"Apply an update. The vendor has released version 3.0.4.0 to address this and other vulnerabilities and has worked directly with customers to implement the update. Users are encouraged to update to the latest version.","workarounds":"","sysaffected":"","thanks":"Thanks to Adam Caudill for reporting this vulnerability.","author":"This document was written by Joel Land.","public":["http://www.dovestones.com/security-vulnerability-in-ad-self-password-reset-v3-0-3-0/","http://www.dovestones.com/active-directory-password-reset/","https://cwe.mitre.org/data/definitions/284.html"],"cveids":["CVE-2015-8267"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2015-10-19T11:20:46Z","publicdate":"2015-12-18T00:00:00Z","datefirstpublished":"2015-12-18T15:32:47Z","dateupdated":"2015-12-18T16:43:25Z","revision":11,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"7.5","cvss_basevector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","cvss_temporalscore":"5.9","cvss_environmentalscore":"1.46512201740581","cvss_environmentalvector":"CDP:ND/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}
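The flaw the note describes is a reset handler that never binds the caller to the account being reset: whoever names a username in the request gets that account's password changed. The Python model below is an added illustration and is not code from Dovestones Software or from the CERT note; the real product is a .NET web application and the note does not describe its internals. The class and method names (ChangePasswordIndex() rendered as change_password_index), the token-based verification flow and the directory contents are assumptions constructed for the example. It places the vulnerable pattern beside a hardened handler that only resets the account for which a single-use, expiring token was issued after the user proved identity, and that refuses requests whose supplied username disagrees with that token.

```python
"""Model of the CWE-284 pattern behind CVE-2015-8267 (hypothetical code,
not the vendor's). A self-service reset must tie the reset to an identity
the caller has already proven, not to a username the caller typed in."""
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class Directory:
    """Stand-in for the directory (e.g. AD) that holds account passwords.
    Plain-text values are used only so the demo can inspect them."""
    passwords: dict


@dataclass
class ResetToken:
    username: str      # account the token was issued for
    expires_at: float  # epoch seconds
    used: bool = False


class VulnerableResetController:
    """Mirrors the advisory's description: the handler trusts the username
    in the request and never checks who is asking."""

    def __init__(self, directory):
        self.directory = directory

    def change_password_index(self, request):
        username = request["username"]
        if username not in self.directory.passwords:
            return "unknown user"
        self.directory.passwords[username] = request["new_password"]
        return "ok"


class HardenedResetController:
    """Only a token issued after identity verification may reset a
    password, and it resets exactly the account it was issued for."""

    TOKEN_TTL = 600  # seconds (assumed policy for the example)

    def __init__(self, directory):
        self.directory = directory
        self._tokens = {}  # token string -> ResetToken

    def issue_token_after_verification(self, username, identity_verified):
        # identity_verified stands for an out-of-band proof (MFA, emailed
        # code, ...) completed in an earlier step of the flow.
        if not identity_verified or username not in self.directory.passwords:
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[token] = ResetToken(username, time.time() + self.TOKEN_TTL)
        return token

    def change_password_index(self, request):
        presented = request.get("token", "")
        # Compare against every stored token in constant time so timing
        # does not reveal which tokens exist.
        match = None
        for tok, rec in self._tokens.items():
            if hmac.compare_digest(tok.encode(), presented.encode()):
                match = rec
        if match is None or match.used or time.time() > match.expires_at:
            return "denied"
        # A username in the request is not trusted; it may only agree
        # with the identity the token was bound to.
        if request.get("username") not in (None, match.username):
            return "denied"
        match.used = True  # single use: a replayed token is rejected
        self.directory.passwords[match.username] = request["new_password"]
        return "ok"


def run_demo():
    """Exercise both handlers on constructed sample data."""
    results = {}
    vuln_dir = Directory({"alice": "Winter2015!", "bob": "hunter2"})
    vuln = VulnerableResetController(vuln_dir)
    # Unauthenticated caller names alice in the request: the reset goes through.
    results["vulnerable_attacker_resets_alice"] = vuln.change_password_index(
        {"username": "alice", "new_password": "pwned"})
    results["vulnerable_alice_password"] = vuln_dir.passwords["alice"]

    hard_dir = Directory({"alice": "Winter2015!", "bob": "hunter2"})
    hard = HardenedResetController(hard_dir)
    results["hardened_no_token"] = hard.change_password_index(
        {"username": "alice", "new_password": "pwned"})
    results["hardened_unverified_token"] = hard.issue_token_after_verification(
        "alice", identity_verified=False)
    tok = hard.issue_token_after_verification("bob", identity_verified=True)
    results["hardened_bob_token_targets_alice"] = hard.change_password_index(
        {"token": tok, "username": "alice", "new_password": "pwned"})
    results["hardened_bob_resets_bob"] = hard.change_password_index(
        {"token": tok, "new_password": "N3w-pass"})
    results["hardened_replay"] = hard.change_password_index(
        {"token": tok, "new_password": "again"})
    results["hardened_alice_password"] = hard_dir.passwords["alice"]
    results["hardened_bob_password"] = hard_dir.passwords["bob"]
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The point of the hardened handler is not the token mechanics but the binding: the account to be reset comes from the server-side record of who was verified, never from the request body. That is the check the advisory says ChangePasswordIndex() lacked.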