Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-1910

The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields.

Published

2010-05-12T11:46:31.703

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

4.9

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-287
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application consona consona_dynamic_agent - Yes
Application consona consona_dynamic_agent - Yes
Application consona consona_dynamic_agent - Yes
Application consona consona_live_assistance * Yes
Application consona consona_subscriber_assistance * Yes
References