Vulnerability in N/a

CVE-2020-15906

tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.

EPSS: 0.856 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

packetstormsecurity.com/files/159663/Tiki-Wiki-CMS-Groupware-21.1-Authenticatio… (x_refsource_MISC)
info.tiki.org/article473-Security-Releases-of-all-Tiki-versions-since-16-3 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-15906?: CVE-2020-15906 is a vulnerability in N/a. Published 2020-10-22.
Is CVE-2020-15906 known to be exploited?: 19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.