VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-3905
eucalyptus: The password reset feature in the administrator int...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3905

Original

The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-12-22
Source Information Category:
Advisory, Alert
Last Updated:
2010-12-23




Affected Product Tags
cpe:/a:eucalyptus:eucalyptus:2.0.0
cpe:/a:eucalyptus:eucalyptus:2.0.1
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
Alternatives




References
BID 45462




CONFIRM http://open.eucalyptus.com/wiki/esa-01




SECUNIA 42666




SECUNIA 42632




UBUNTU USN-1033-1




VUPEN ADV-2010-3260




VUPEN ADV-2010-3259




Vulnerability Type Authentication Issues (CWE-287)




XF eucalyptus-adminui-security-bypass(64167)




Copyright © 2010 JPCERT/CC All Rights Reserved.