CVE-2010-3905

EUVD-2010-3883
The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
eucalyptuseucalyptus
2.0.0
eucalyptuseucalyptus
2.0.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eucalyptus
dapper
dne
hardy
dne
karmic
not-affected
lucid
not-affected
maverick
Fixed 2.0+bzr1241-0ubuntu4.1
released
Common Weakness Enumeration
References
http://open.eucalyptus.com/wiki/esa-01
http://secunia.com/advisories/42632
http://secunia.com/advisories/42666
http://www.securityfocus.com/bid/45462
http://www.ubuntu.com/usn/USN-1033-1
http://www.vupen.com/english/advisories/2010/3259
http://www.vupen.com/english/advisories/2010/3260
https://exchange.xforce.ibmcloud.com/vulnerabilities/64167
http://open.eucalyptus.com/wiki/esa-01
http://secunia.com/advisories/42632
http://secunia.com/advisories/42666
http://www.securityfocus.com/bid/45462
http://www.ubuntu.com/usn/USN-1033-1
http://www.vupen.com/english/advisories/2010/3259
http://www.vupen.com/english/advisories/2010/3260
https://exchange.xforce.ibmcloud.com/vulnerabilities/64167