QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2020-1940

Back to search

CVE-2020-1940

Published: Jan 28, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed.

VendorProductVersions

Apache Software Foundation

Apache Jackrabbit Oak

affected
1.2.0 to 1.22.0

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now