PT-2023-24837 · Soar Cloud · Soar Cloud Ltd. Hr Portal

Chun Li Lin

Publicado

2023-09-06

Atualizado

2023-09-12

CVE-2023-34357

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Soar Cloud Ltd. HR Portal (affected versions not specified)

Description The issue concerns a weak Password Recovery Mechanism for Forgotten Password in the Soar Cloud Ltd. HR Portal. The reset password link sent out through e-mail remains valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or the link can use the URL again to change the password, potentially taking over the account.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-640

Identificadores relacionados

CVE-2023-34357

Produtos afetados

Soar Cloud Ltd. Hr Portal

PT-2023-24837 · Soar Cloud · Soar Cloud Ltd. Hr Portal

CVE-2023-34357

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7