CVE-2025-1231
11.02.2025, 14:15
Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality.Enginsight
| Vendor | Product | Version |
|---|---|---|
| devolutions | devolutions_server | 𝑥 < 2024.3.11.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
- CWE-640 - Weak Password Recovery Mechanism for Forgotten PasswordThe software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.