Authentication Bypass Vulnerability in Gladinet CentreStack
CVE-2023-26829

9.8CRITICAL

Key Information:

Vendor: Gladinet
Status: Centrestack
Vendor: CVE Published:; 31 March 2023

Summary

An authentication bypass vulnerability exists in the Password Reset component of Gladinet CentreStack prior to version 13.5.9808. This allows remote attackers to change the password of any valid user account without possessing the previous password. The flaw poses significant security risks as it enables unauthorized access, potentially compromising sensitive data and user accounts.

References

https://www.whiteoaksecurity.com/blog/centrestack-disclos...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 31, 2023
Vulnerability Reserved
Feb 27, 2023