CVE-2014-1644

Currently unrated

Key Information:

Vendor: Symantec
Status: Liveupdate Administrator
Vendor: CVE Published:; 29 March 2014

Summary

The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://archives.neohapsis.com/archives/bugtraq/2014-03/01...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/66399

vdb-entryx_refsource_BID

EPSS Score

80% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 29, 2014
Vulnerability Reserved
Jan 23, 2014