
Cloud Vulnerability DB
A community-led vulnerabilities database
An authentication bypass vulnerability was identified in the Password Reset component of Gladinet CentreStack versions before 13.5.9808 (CVE-2023-26829). The vulnerability was disclosed on March 31, 2023, and affects the authentication mechanism of the CentreStack platform (NVD).
The vulnerability allows remote attackers to bypass authentication controls in the Password Reset component. The severity of this vulnerability is rated as CRITICAL with a CVSS v3.1 Base Score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The vulnerability is classified under CWE-863 (Incorrect Authorization) (NVD).
The vulnerability enables remote attackers to set a new password for any valid user account without requiring knowledge of the previous password. This effectively results in a complete authentication bypass, potentially allowing unauthorized access to any user account in the system (NVD).
Users should upgrade to CentreStack version 13.5.9808 or later to address this vulnerability. The fix has been implemented in this version to prevent unauthorized password resets (NVD).
Source: This report was generated using AI