Combodo iTop's weak password reset token leads to account takeover
CVE-2022-39216
7.4HIGH
What is CVE-2022-39216?
Combodo iTop, an open-source IT service management platform, contains a vulnerability where the password reset token is generated without sufficient randomness. This lack of randomness can allow attackers to predict or guess the token, leading to potential account takeover. The issue has been addressed in updates to versions 2.7.8 and 3.0.2-1, ensuring a more secure token generation process.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
iTop < 2.7.8 < 2.7.8
iTop >= 3.0.0, < 3.0.2-1 < 3.0.0, 3.0.2-1
References
CVSS V3.1
Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved