2017-10-17 22:00:00
icscert
PUBLISHED
An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a users password, enabling future access and possible configuration changes.