Vulnerability in One Identity Password Manager Allows User Answer Enumeration
CVE-2020-7962

5.3MEDIUM

Key Information:

Vendor: Oneidentity
Status: Password Manager
Vendor: CVE Published:; 13 November 2020

🔔 Create Oneidentity Vulnerability Alert

What is CVE-2020-7962?

A security issue has been identified in One Identity Password Manager version 5.8, which allows an attacker to enumerate valid user answers. This vulnerability arises from the way the application handles HTTP response content; specifically, when a user answer is incorrect, the response simply states WRONG ID. This provides attackers with the means to infer valid answers, which can then be exploited during a password reset procedure, thereby compromising user accounts and sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://cxsecurity.com/issue/WLB-2020050185

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2020
Vulnerability Reserved
Jan 24, 2020

JSON

Oneidentity

What is CVE-2020-7962?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.