Описание
EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password.
EPSS
Процентиль: 31%
0.00117
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-640
Связанные уязвимости
CVSS3: 9.8
github
3 месяца назад
EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password.
EPSS
Процентиль: 31%
0.00117
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-640