Published: November 27, 2017 / Updated: December 8, 2022
Severity Rating: Medium
CVSS Score: 5.0
Affected Products: OpenAM 13.0.0 and later

Description

OpenAM (Open Source Edition) contains a vulnerability in session management.

Impact

A user who can log in to the product may change the account's security questions and then reset the login password through the security-question password-reset function.
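
The abuse pattern above (security questions changed, then a password reset completed through the security-question flow, for the same account, within a short time) is a useful thing to correlate in audit data while the patch is being rolled out. The following is an added detection example written for this page; it is not OpenAM code, and the event schema, field names and sample events are constructed and hypothetical (OpenAM's real audit log layout is not assumed).

```python
"""Flag accounts where a security-question change is followed, within a
short window, by a password reset that used the security-question method.

Added example, not OpenAM code. The event schema below is hypothetical.
"""
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical audit schema.
SAMPLE_EVENTS = [
    {"ts": "2017-11-27T09:00:00Z", "event": "LOGIN_SUCCESS", "user": "alice"},
    {"ts": "2017-11-27T09:01:10Z", "event": "SECURITY_QUESTIONS_CHANGED", "user": "alice"},
    {"ts": "2017-11-27T09:02:30Z", "event": "PASSWORD_RESET", "user": "alice",
     "method": "securityQuestions"},
    # bob: change and reset are a day apart, outside the window
    {"ts": "2017-11-27T10:00:00Z", "event": "SECURITY_QUESTIONS_CHANGED", "user": "bob"},
    {"ts": "2017-11-28T10:00:00Z", "event": "PASSWORD_RESET", "user": "bob",
     "method": "securityQuestions"},
    # carol: reset performed by an administrator, not via security questions
    {"ts": "2017-11-27T11:00:00Z", "event": "PASSWORD_RESET", "user": "carol",
     "method": "adminConsole"},
]


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamp used in the hypothetical schema."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_question_reset_chains(events, window=timedelta(hours=1)):
    """Return (user, change_time, reset_time) tuples for every account where a
    SECURITY_QUESTIONS_CHANGED event is followed within `window` by a
    PASSWORD_RESET event whose method is securityQuestions.

    Only the most recent question change is correlated with a reset, and a
    reset consumes it, so one change cannot produce repeated hits.
    """
    by_user = {}
    for event in sorted(events, key=lambda e: parse_ts(e["ts"])):
        by_user.setdefault(event["user"], []).append(event)

    hits = []
    for user, user_events in by_user.items():
        last_change = None
        for event in user_events:
            if event["event"] == "SECURITY_QUESTIONS_CHANGED":
                last_change = parse_ts(event["ts"])
            elif (event["event"] == "PASSWORD_RESET"
                  and event.get("method") == "securityQuestions"):
                reset_time = parse_ts(event["ts"])
                if last_change is not None and reset_time - last_change <= window:
                    hits.append((user, last_change, reset_time))
                last_change = None
    return hits


if __name__ == "__main__":
    for user, changed, reset in find_question_reset_chains(SAMPLE_EVENTS):
        print(f"{user}: questions changed {changed:%H:%M:%S}, reset {reset:%H:%M:%S}")
```

A hit is a triage signal, not proof of abuse: a legitimate user who updates their questions and forgets their password within the same hour will match too, so confirm against the originating session and client address before acting.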

Solution

A patch for this vulnerability has been released by the OpenAM Consortium. Apply it according to the information provided by the OpenAM Consortium.

Workaround

Until the patch is applied, the impact of this vulnerability can be mitigated by disabling the Security Questions function for password reset.

Reference