CVE-2018-16529

A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password.

Published: Mar 28, 2019
Updated: Apr 13, 2023
CVE: CVE-2018-16529
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-640

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
forcepoint / email_security	8.5.0	8.5.3.x

https://help.forcepoint.com/security/CVE/CVE-2018-16529.html
https://seclists.org/fulldisclosure/2018/Nov/23

Vulnerability Database

289,599

CVE-2018-16529