Vulnerability Details CVE-2020-7962
An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is possible because, within the HTTP response content, WRONG ID is only returned when the answer is incorrect.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.0%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
Products affected by CVE-2020-7962
-
cpe:2.3:a:oneidentity:password_manager:5.8