| Title | SGS Intergard v. 8.7.0 Denial of service by mass updating all users with an arbitrary password chosen by the adversary. |
|---|
| Description | Denial of service by mass updating all users with an arbitrary password chosen by the adversary.
With a valid user, whatever the privilege, it is possible to use the change password functionality of the user in question to strictly change the password of all system users in bulk to one chosen and known only by the attacker, leaving everyone without access to the system.
Company website: https://www.intergard.com.br/ |
|---|
| Source | ⚠️ https://www.youtube.com/watch?v=CtOFB-L1rOg |
|---|
| User | hiagomoura (UID 50347) |
|---|
| Submission | 07/11/2023 04:26 (3 years ago) |
|---|
| Moderation | 07/18/2023 21:30 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 234445 [Intergard SGS 8.7.0 Change Password denial of service] |
|---|
| Points | 16 |
|---|