Insecure Access Control in Password Reset Component of Odoo Community and Enterprise 11.0 and Earlier

Insecure Access Control in Password Reset Component of Odoo Community and Enterprise 11.0 and Earlier

CVE-2018-14859 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:N

Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by being the first party to use the secure token.

Learn more about our User Device Pen Test.