Password Manager 5.8 : Secret answer enumeration

2020.05.23

Clément Cruchet (CA)

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2020-7962

CWE: CWE-640

An issue was discovered in One Identity Password Manager 5.8.

An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset action on a chosen password. 

The enumeration is possible because, within the HTTP response content, WRONG ID parameter is only returned when the answer is incorrect, giving to an attacker the possibility to make OSINT on specific user and verify answer.

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Password Manager 5.8 : Secret answer enumeration

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.