CVE-2009-5025

Name of the Vulnerable Software and Affected Versions PyForum version 1.0.3

Description A backdoor was found in PyForum where an attacker who knows a valid user email could force a password reset on behalf of that user.

Recommendations For PyForum version 1.0.3, consider disabling the password reset feature until a patch is available to prevent exploitation. Restrict access to the password reset module to minimize the risk of unauthorized password resets. Avoid using the email address as a means of authentication in the affected password reset functionality until the issue is resolved.