CVE-2023-34357

CVE-2023-34357

Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has the line can thus use the URL again to change the password in order to take over the account.

Source: CVE-2023-34357

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다