Computing For Good’s Basic Laboratory Information System 3.4 Weak Password Recovery Mechanism for Forgotten Password Vulnerability

Summary

Computing For Good’s Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, “Improper Access Control.” 

Credit:

The information has been provided by Aditi Shah.

The original article can be found at: https://blog.rapid7.com/2019/09/10/r7-2019-09-cve-2019-5617-cve-2019-5643-cve-2019-5644-c4g-blis-authentication-and-authorization-vulnerabilities-fixed/


Details

As a result of this improper access control, an unauthenticated user may change the password of any administrator-level user.

Vulnerable Systems:

Computing For Good’s Basic Laboratory Information System 3.4

CVE Information:

CVE-2019-5617

Disclosure Timeline:
Published Date: 11/6/2019