Michaå Walkowski

**Name of the Vulnerable Software and Affected Versions** CDeX application versions through 5.7.1 **Description** The issue is related to a weak password recovery mechanism in the CDeX application, which allows the retrieval of a password reset token. **Recommendations** For versions through 5.7.1, update to a version that contains a fix for this issue, as the current version allows exploitation of the weak password recovery mechanism. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CDeX application versions through 5.7.1 **Description** This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. **Recommendations** For versions through 5.7.1, update to a version later than 5.7.1 to resolve the issue. As a temporary workaround, consider restricting access to the password recovery feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CDeX application versions through 5.7.1 **Description** The issue is an open redirection vulnerability in the CDeX application, allowing attackers to redirect users to arbitrary websites via a specially crafted URL. **Recommendations** For versions through 5.7.1, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.