CVE-2014-2849 Information

Description

The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.

Reference

http://secunia.com/advisories/57706 http://www.exploit-db.com/exploits/32789 http://www.securityfocus.com/bid/66734 http://www.sophos.com/en-us/support/knowledgebase/120230.aspx http://www.zerodayinitiative.com/advisories/ZDI-14-069/