HTTP: CMS Made Simple login.php remote password reset vulnerability

This signature detects attempts to exploit a remote password reset vulnerability in CMS Made Simple. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted password reset request to the target system. Successful exploitation can allow the attacker to change the password of vulnerable accounts.

Extended Description

CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring.

Affected Products

Cmsmadesimple cms_made_simple

References

CVE: CVE-2018-10081

Short Name
HTTP:CMSMS-PASSWD-RESET
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CMS CVE-2018-10081 Made Simple login.php password remote reset vulnerability
Release Date
06/28/2018
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3415
False Positive
Unknown
Vendors

Cmsmadesimple

CVSS Score

5.0
