CVE-2020-7962 - Information Exposure Through Discrepancy vulnerability in Oneidentity Password Manager 5.8
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: NONE
Availability impact: NONE
Summary
An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is possible because, within the HTTP response content, WRONG ID is only returned when the answer is incorrect.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |