SecurityFocus

Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness Apr 04 2017 05:57AM
Patrick Webster (patrick osisecurity com au)

https://www.osisecurity.com.au/kaseya-parameter-reflected-xss-enumeratio
n-and-bruteforce-weakness.html

Date:
04-Apr-2017

Software:
Kaseya

Affected version:
Kaseya VSA v6.5.0.0.

Vulnerability details:

1. The "forgot password" function at https://[target]/access/logon.asp
reveals whether a userna...

[ more ]