Enhancesoft osTicket up to 1.10.1 Password Reset credentials management

A vulnerability classified as critical has been found in Enhancesoft osTicket up to 1.10.1 (Ticket Tracking Software). It affects unspecified processing in the Password Reset component. Upgrading to version 1.10.2 eliminates this vulnerability.

| Field | 03/28/2018 09:09 AM | 01/17/2020 01:39 PM |
|---|---|---|
| type | Ticket Tracking Software | Ticket Tracking Software |
| vendor | Enhancesoft | Enhancesoft |
| name | osTicket | osTicket |
| version | <=1.10.1 | <=1.10.1 |
| component | Password Reset | Password Reset |
| cwe | 255 (credentials management) | 255 (credentials management) |
| risk | 2 | 2 |
| cvss2_vuldb_basescore | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 5.9 | 5.9 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_nvd_av | N | N |
| cvss2_nvd_ac | M | M |
| cvss2_nvd_au | N | N |
| cvss2_nvd_ci | N | N |
| cvss2_nvd_ii | P | P |
| cvss2_nvd_ai | N | N |
| cvss3_meta_basescore | 6.8 | 6.8 |
| cvss3_meta_tempscore | 6.5 | 6.5 |
| cvss3_vuldb_basescore | 5.6 | 5.6 |
| cvss3_vuldb_tempscore | 5.4 | 5.4 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | H | H |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_nvd_av | N | N |
| cvss3_nvd_ac | H | H |
| cvss3_nvd_pr | N | N |
| cvss3_nvd_ui | N | N |
| cvss3_nvd_s | U | U |
| cvss3_nvd_c | H | H |
| cvss3_nvd_i | H | H |
| cvss3_nvd_a | H | H |
| date | 1522108800 (03/27/2018) | 1522108800 (03/27/2018) |
| url | https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c | https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c |
| price_0day | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade |
| upgrade_version | 1.10.2 | 1.10.2 |
| cve | CVE-2018-7195 | CVE-2018-7195 |
| cve_assigned | 1518825600 (02/17/2018) | 1518825600 (02/17/2018) |
| cve_nvd_published | 1522108800 | 1522108800 |
| cve_nvd_summary | Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number. | Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number. |
| seealso | 115125 115126 115127 115129 | 115125 115126 115127 115129 |
| location | Website | Website |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | X | X |
| 0day_days | 5 | 5 |
| cvss3_nvd_basescore | 8.1 | 8.1 |

discoverydate: 1521676800