Vulnerabilities > CVE-2011-4555 - Credentials Management vulnerability in Oneclickorgs ONE Click Orgs

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

oneclickorgs

CWE-255

NVD

Published: 2011-12-06

Updated: 2011-12-08

Summary

One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address.

Vulnerable Configurations

Part	Description	Count
Application	Oneclickorgs Oneclickorgs ONE Click Orgs 1.0.0 Oneclickorgs ONE Click Orgs 1.0.1 Oneclickorgs ONE Click Orgs 1.1.0 Oneclickorgs ONE Click Orgs 1.1.1 Oneclickorgs ONE Click Orgs 1.2.0 Oneclickorgs ONE Click Orgs 1.2.1 Oneclickorgs ONE Click Orgs *	7

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://dmcdonald.net/?page_id=43
https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en&dmode=source&output=gplain