March 24, 2023, 3:45 p.m. | ASWIN K V

InfoSec Write-ups - Medium infosecwriteups.com

CVE-2020-10965: Unauthenticated Admin Password Reset

Hello folks,

A vulnerability was identified in the default admin account’s Login/ResetAdminPassword function, which allows for unauthenticated password resets, possibly allowing an attacker to obtain unauthorised access to the account.


Description:

The vulnerability allows an attacker to change the password of the default admin account without any authentication. By accessing Login/ResetAdminPassword, an attacker can provide an email address associated with the admin account, and a password reset link will be sent to that …
