PT-2022-17782 · Mendix · Mendix Forgot Password Appstore Module
Published: 2022-03-08 · Updated: 2022-06-04 · CVE-2022-26314
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Mendix Forgot Password Appstore module versions 3.3.0 through 3.5.0
Mendix Forgot Password Appstore module (Mendix 7 compatible) versions prior to 3.2.2
Description
A security issue has been found where initial passwords are generated in an insecure manner, potentially allowing an unauthenticated remote attacker to efficiently brute force passwords in specific situations.
Recommendations
For Mendix Forgot Password Appstore module versions 3.3.0 through 3.5.0, update to version 3.5.1 or later to resolve the issue.
For Mendix Forgot Password Appstore module (Mendix 7 compatible) versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue.
Fix
Improper Restriction of Excessive Authentication Attempts
Weakness Enumeration
Related Identifiers
Affected Products
Mendix Forgot Password Appstore Module