Description
An attacker can use the "Forgot my password" button: as soon as he enters a user that is valid in the system, the system issues a message that a password reset email has been sent to the user. This makes it possible to verify which users exist in the system and which do not.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 22.0 (exclusive)
cpe:2.3:a:priority-software:priority:*:*:*:*:*:*:*:*
EPSS: 0.00133 (percentile: 33%, Low)
CVSS3: 5.5 Medium
CVSS3: 4.3 Medium
CVSS2: 4 Medium
Weaknesses
CWE-640
Related vulnerabilities
CVSS3: 4.3
github
more than 3 years ago
An attacker can use the "Forgot my password" button: as soon as he enters a user that is valid in the system, the system issues a message that a password reset email has been sent to the user. This makes it possible to verify which users exist in the system and which do not.