2018-09-28 20:00:00
lenovo
PUBLISHED
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the users current password to set a new one. As a result, attackers with access to the users session tokens can change their password and retain access to the users account