Password Reset Vulnerability in Forcepoint Email Security
CVE-2018-16529

9.8CRITICAL

Key Information:

Vendor: Forcepoint
Status: Forcepoint Email Security
Vendor: CVE Published:; 28 March 2019

What is CVE-2018-16529?

A vulnerability has been identified in Forcepoint Email Security 8.5.x that allows an attacker to exploit the password reset functionality. The reset URL can remain active beyond its intended expiration period, and can be reused even after a password has been changed, potentially allowing unauthorized access to sensitive accounts.

Affected Version(s)

Forcepoint Email Security 8.5.x

References

https://seclists.org/fulldisclosure/2018/Nov/23

x_refsource_MISC

https://help.forcepoint.com/security/CVE/CVE-2018-16529.html

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2019
Vulnerability Reserved
Sep 5, 2018