CVE-2020-10965 : What You Need to Know

Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to unauthenticated password resets via login/resetadminpassword of the default admin account. Learn about the impact, technical details, and mitigation steps for this CVE.

Understanding CVE-2020-10965

This CVE highlights a vulnerability in Teradici PCoIP Management Console versions 20.01.0 and 19.11.1 that allows unauthenticated password resets through the default admin account.

What is CVE-2020-10965?

The vulnerability in Teradici PCoIP Management Console versions 20.01.0 and 19.11.1 enables unauthorized password resets via the login/resetadminpassword function of the default admin account.

The Impact of CVE-2020-10965

This vulnerability poses a security risk as it allows unauthorized users to reset the admin password without authentication, potentially leading to unauthorized access and control of the system.

Technical Details of CVE-2020-10965

Teradici PCoIP Management Console vulnerability details:

Vulnerability Description

Vulnerable versions: 20.01.0 and 19.11.1
Fixed versions: 20.01.1 and 19.11.2
Exploitation: Unauthenticated password resets through the default admin account

Affected Systems and Versions

Affected versions: 20.01.0 and 19.11.1
Unaffected versions: 20.01.1 and 19.11.2

Exploitation Mechanism

The vulnerability allows attackers to reset the admin password without authentication, potentially gaining unauthorized access to the system.

Mitigation and Prevention

Protect your system from CVE-2020-10965 with these steps:

Immediate Steps to Take

Disable the default admin account if not in use
Update the Teradici PCoIP Management Console to versions 20.01.1 or 19.11.2

Long-Term Security Practices

Regularly review and update user access controls
Implement multi-factor authentication for enhanced security

Patching and Updates

Apply patches and updates provided by Teradici to fix the vulnerability