exploitDog

CVE-2023-53958

Published: 19 Dec 2025
Source: nvd
CVSS3: 7.5
EPSS: Low

Description

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account takeover by intercepting and using stolen reset tokens.

EPSS

Percentile: 13%
0.00043
Low

7.5 High

CVSS3

Weaknesses

CWE-640

Related vulnerabilities

CVSS3: 7.5
github
about 2 months ago

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account takeover by intercepting and using stolen reset tokens.