CVE-2008-5670 - Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which mak

CVE-2008-5670

Summary

Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session.

References

http://secunia.com/advisories/28793
http://securityreason.com/securityalert/4786
http://www.securityfocus.com/archive/1/487483/100/200/threaded
http://www.securityfocus.com/bid/27606

Vulnerable Configurations

cpe:2.3:a:textpattern:textpattern:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:textpattern:textpattern:4.0.5:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 11-10-2018 - 20:56)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	27606
bugtraq	20080204 [DSECRG-08-008] Textpattern 4.0.5 Multiple Security Vulnerabilities
secunia	28793
sreason	4786

Last major update

11-10-2018 - 20:56

Published

19-12-2008 - 01:52

Last modified

11-10-2018 - 20:56