Description

Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field.

Remediation

References

CVE-2015-8707

Related Vulnerabilities

OpenSSL Resource Management Errors Vulnerability (CVE-2015-1788)

WordPress Plugin Sponsors Carousel Cross-Site Scripting (4.02)

Drupal Core 4.6.x Multiple Vulnerabilities (4.6.0 - 4.6.3)

Oracle JRE CVE-2013-1569 Vulnerability (CVE-2013-1569)

WordPress Plugin WordPress WP-Advanced-Search SQL Injection (3.3.5)

Severity

Critical

Classification

CVE-2015-8707 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities