Luis De La Rosa Hernandez

Researcher from Bishop Fox
#25341 of 53,635
9.8 Total CVSS
Vulnerabilities · 1
PT-2024-12113
9.8
2024-10-04
Taskcafe · Taskcafe · CVE-2023-26770
**Name of the Vulnerable Software and Affected Versions**

TaskCafe version 0.3.2

**Description**

The issue stems from a lack of validation of the Cookie value in the password reset flow: an unauthenticated attacker who knows a registered `UserID` can change that user's password. Because no authentication is required, the issue poses a significant risk.

**Recommendations**

For TaskCafe version 0.3.2, consider disabling the password reset functionality until a patch is available to prevent exploitation. Restrict access to the Cookie value to minimize the risk of unauthorized password changes. Avoid using the `UserID` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.