Password Reset Flaw in Textpattern Affects User Account Security
CVE-2015-8033

5.3MEDIUM

Key Information:

Vendor: Textpattern
Status: Textpattern
Vendor: CVE Published:; 14 August 2020

🔔 Create Textpattern Vulnerability Alert

What is CVE-2015-8033?

In Textpattern version 4.5.7, a vulnerability exists in the password-reset feature that fails to securely associate a hash with user accounts. This oversight could potentially allow unauthorized access by enabling attackers to exploit weak links in the password management system, compromising user data privacy and security. It is crucial for users of affected versions to upgrade and implement recommended security patches to prevent potential risks.

References

https://github.com/textpattern/textpattern/blob/f94c3fb99...

x_refsource_CONFIRM

https://github.com/textpattern/textpattern/commit/1c09094...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2020
Vulnerability Reserved
Oct 30, 2015

CVE-2015-8033 Data

JSON