← Zuruck zu CVEs
CVE-2020-27422
CRITICAL9.8
Beschreibung
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht11/16/2020
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
anuko:time_tracker
Schwachen (CWE)
CWE-613
Referenzen
https://packetstormsecurity.com/files/160051/Anuko-Time-Tracker-1.19.23.5311-Password-Reset.html(cve@mitre.org)
https://www.anuko.com/time-tracker/index.htm(cve@mitre.org)
https://packetstormsecurity.com/files/160051/Anuko-Time-Tracker-1.19.23.5311-Password-Reset.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.anuko.com/time-tracker/index.htm(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.