CVE-2018-16988

An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
xdmodopen_xdmod
𝑥
≤ 7.0.1
xdmodopen_xdmod
7.5.0
xdmodopen_xdmod
7.5.0:rc1
xdmodopen_xdmod
7.5.0:rc2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/grymer/CVE/blob/master/CVE-2018-16988.md
https://github.com/grymer/CVE/blob/master/CVE-2018-16988.md