Tahar Bennacef

**Name of the Vulnerable Software and Affected Versions** LDAP Tool Box Self Service Password version 1.5.2 **Description** The software contains a password reset issue where attackers can manipulate HTTP Host headers during token generation. This allows crafting malicious password reset requests that generate tokens sent to a server controlled by the attacker. Successful exploitation could lead to account takeover by intercepting and using stolen reset tokens. The vulnerability involves manipulating the `Host` header during the token generation process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.