PT-2026-6201 · Unknown · Open Eclass

Stolichnayer

·

Publicado

2026-02-03

·

Atualizado

2026-02-03

·

CVE-2026-24669

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2
Description The Open eClass platform, previously known as GUnet eClass, is a course management system. A flaw in the password reset process in versions prior to 4.2 allows a local attacker to reuse a valid password reset token after it has been used. This can lead to unauthorized password changes and potential account takeover.
Recommendations Update to version 4.2 or later.

Exploit

Correção

Insufficient Session Expiration

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-613

Identificadores relacionados

CVE-2026-24669
GHSA-GCQQ-FXW6-F866

Produtos afetados

Open Eclass