CVE-2021-44152
Published 2021-12-13
Priority: P183 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 58.55% (99.0th percentile)
An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| reprisesoftware | reprise_license_manager | < 15.1 | 15.1 |
Detection & IOCs
- Probe GET /goforms/menu and check response body for the string 'RLM Administration Commands' with HTTP 200 to confirm an exposed Reprise License Manager instance.
- Shodan queries 'http.html:"Reprise License Manager"', 'http.html:"reprise license"', and 'http.html:"reprise license manager"' can be used to identify internet-exposed RLM instances.
- FOFA queries 'body="reprise license manager"' and 'body="reprise license"' identify exposed RLM web interfaces.
- Google dork 'inurl:"/goforms/menu"' can surface publicly accessible RLM administration panels.
- Unauthenticated POST requests to /goform/change_password_process should be treated as exploitation attempts; monitor for this path in web server logs with no prior authenticated session.
- The vulnerability is specific to Reprise License Manager version 14.2; other versions may or may not be affected.
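CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |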
No detection rules found.
Nuclei
Reprise License Manager 14.2 - Authentication Bypass
nuclei · CVSS 9.8
CVE-2021-44152 [CRITICAL] Reprise License Manager 14.2 - Authentication Bypass
Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.
Template:
```yaml
id: CVE-2021-44152

info:
  name: Reprise License Manager 14.2 - Authentication Bypass
  author: Akincibor
  severity: critical
  description: |
    Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the Reprise License Manager.
  remediation: |
    Apply the latest security patch or upgrade to a patched version of Reprise License Manager to
```
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/165186/Reprise-License-Manager-14.2-Unauthenticated-Password-Change.html
- https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes
- https://www.reprisesoftware.com/RELEASE_NOTES