Security Advisory

CVE-2025-3895

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-23 10:20:03

Last updated 2025-05-23 12:07:48

Assigner CERT-PL

State PUBLISHED

Description

Token used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value. It allows an unauthenticated attacker who know user login names to brute force these tokens and change account passwords (including these belonging to administrators). Version 5.20 of MegaBIP fixes this issue.

← Browse all CVEs View on cve.org ↗