Upstream information
Description
Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 3.5 |
Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Access Vector | Network |
Access Complexity | Medium |
Authentication | Single |
Confidentiality Impact | None |
Integrity Impact | Partial |
Availability Impact | None |
SUSE Timeline for this CVE
CVE page created: Fri Mar 20 14:16:10 2015CVE page last modified: Fri Oct 7 12:47:05 2022