Описание
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:emsigner:emsigner:2.8.7:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00323
Низкий
9.8 Critical
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-276
Связанные уязвимости
CVSS3: 9.8
github
около 2 лет назад
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token.
EPSS
Процентиль: 55%
0.00323
Низкий
9.8 Critical
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-276