The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ilias | Ilias | 7.0 (including) | 7.20 (including) |
| Ilias | Ilias | 8.0 (including) | 8.1 (including) |
References
- https://docu.ilias.de/ilias.php?ref_id=1719\u0026obj_id=141694\u0026obj_type=PageObject\u0026cmd=layout\u0026cmdClass=illmpresentationgui\u0026cmdNode=13g\u0026baseClass=ilLMPresentationGUI
- https://docu.ilias.de/ilias.php?ref_id=1719\u0026obj_id=141703\u0026obj_type=PageObject\u0026cmd=layout\u0026cmdClass=illmpresentationgui\u0026cmdNode=13g\u0026baseClass=ilLMPresentationGUI
- https://docu.ilias.de/ilias.php?ref_id=1719\u0026obj_id=141694\u0026obj_type=PageObject\u0026cmd=layout\u0026cmdClass=illmpresentationgui\u0026cmdNode=13g\u0026baseClass=ilLMPresentationGUI
- https://docu.ilias.de/ilias.php?ref_id=1719\u0026obj_id=141703\u0026obj_type=PageObject\u0026cmd=layout\u0026cmdClass=illmpresentationgui\u0026cmdNode=13g\u0026baseClass=ilLMPresentationGUI