Improper Access Control Allows Unauthorized Password Changes in Odoo Community 9.0 and Odoo Enterprise 9.0

Improper Access Control Allows Unauthorized Password Changes in Odoo Community 9.0 and Odoo Enterprise 9.0

CVE-2018-14868 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:N

Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted RPC call.

Learn more about our User Device Pen Test.