Vulnerabilities > CVE-2014-6607 - Credentials Management vulnerability in Mmonit M/Monit
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | M/Monit 3.3.2 - CSRF Vulnerability. CVE-2014-6409. Webapps exploit for php platform |
| file | exploits/php/webapps/34718.txt |
| id | EDB-ID:34718 |
| last seen | 2016-02-03 |
| modified | 2014-09-20 |
| platform | php |
| port | |
| published | 2014-09-20 |
| reporter | Dolev Farhi |
| source | https://www.exploit-db.com/download/34718/ |
| title | M/Monit 3.3.2 - CSRF Vulnerability |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/128321/mmonit-xsrf.txt |
| id | PACKETSTORM:128321 |
| last seen | 2016-12-05 |
| published | 2014-09-19 |
| reporter | Dolev Farhi |
| source | https://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html |
| title | M/Monit 3.2.2 Cross Site Request Forgery |