Description
A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack.
EPSS
Percentile: 16%
0.0005
Low
10 Critical
CVSS3
Weaknesses
CWE-640
Related vulnerabilities
CVSS3: 10
github
26 days ago
A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack.