Vulnerability in One Identity Password Manager Allows User Answer Enumeration
CVE-2020-7962

5.3 MEDIUM

Key Information:

Vendor
CVE Published: 13 November 2020

What is CVE-2020-7962?

A security issue has been identified in One Identity Password Manager version 5.8 that allows an attacker to enumerate valid user answers. The vulnerability arises from the way the application handles HTTP response content: when a user answer is incorrect, the response simply states WRONG ID. This lets attackers infer valid answers, which can then be used during a password reset procedure to compromise user accounts and sensitive information.

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
