CVE-2007-3787 Information

Description

The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password which might allow remote attackers to gain privileges by conducting a CSRF attack making a password change from an unattended workstation or other attacks.

Reference

http://labs.calyptix.com/CX-2007-05.php http://labs.calyptix.com/CX-2007-05.txt http://osvdb.org/38175 http://secunia.com/advisories/26005 http://www.securityfocus.com/archive/1/473663/100/0/threaded