An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBuffalo Open Xdmod
APPBuffalo< 8.0.0
Related vulnerabilities
RCE poprzez command injection w Open XDMoD (wersje 9.5.0–11.0.2)
SQL Injection w Open XDMoD — nieuwierzytelniony dostęp do bazy danych
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authentic...
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal...
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Op...