Vulnerability Details : CVE-2010-1910
The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields.
Vulnerability category: Bypass, Gain privilege
Exploit prediction scoring system (EPSS) score for CVE-2010-1910
Probability of exploitation activity in the next 30 days: 1.67%
Percentile, the proportion of vulnerabilities that are scored at or less: ~86%
CVSS scores for CVE-2010-1910
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P | 4.9 | 6.4 | NIST |
CWE ids for CVE-2010-1910
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1910
- http://www.securityfocus.com/archive/1/511176/100/0/threaded (SecurityFocus)
- http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf (Patch; Vendor Advisory)
- http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html (404 Not Found)
- http://www.kb.cert.org/vuls/id/602801 (VU#602801 - Consona (formerly SupportSoft) Intelligent Assistance Suite (IAS) cross-site scripting, ActiveX, and Repair Service vulnerabilities; Patch; US Government Resource)
- http://www.securityfocus.com/bid/40003 (Multiple Consona Products Password Reset Security Bypass Vulnerability)
Products affected by CVE-2010-1910
- cpe:2.3:a:consona:consona_live_assistance:*:*:*:*:*:*:*:*
- cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:*:*:*:*:*
- cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:*:*:*:*:*
- cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:*:*:*:*:*
- cpe:2.3:a:consona:consona_subscriber_assistance:*:*:*:*:*:*:*:*