CVE-2011-4678

Name of the Vulnerable Software and Affected Versions One Click Orgs versions prior to 1.2.3

Description The password reset feature generates different error messages for failed reset attempts depending on whether the e-mail address is registered. This allows remote attackers to enumerate user accounts via a series of requests.

Recommendations For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider modifying the password reset feature to return generic error messages for all failed reset attempts, regardless of whether the e-mail address is registered.