CVE-2010-3905 Information

Description

The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication which allows remote attackers to gain privileges by sending password reset requests for other users.

Reference

http://open.eucalyptus.com/wiki/esa-01 http://secunia.com/advisories/42632 http://secunia.com/advisories/42666 http://www.securityfocus.com/bid/45462 http://www.ubuntu.com/usn/USN-1033-1 http://www.vupen.com/english/advisories/2010/3259 http://www.vupen.com/english/advisories/2010/3260 https://exchange.xforce.ibmcloud.com/vulnerabilities/64167