PT-2022-27066 · Unknown · Backclick Professional

Moritz Bechler · Published 2022-11-16 · Updated 2025-04-30 · CVE-2022-44004

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

BACKCLICK Professional version 5.9.63

Description

Because of insecure design or a lack of authentication, unauthenticated attackers can complete the password-reset process for any account and set a new password.

Recommendations

For BACKCLICK Professional version 5.9.63, consider temporarily restricting access to the password-reset feature until a patch is available. As a mitigation measure, restrict the ability of unauthenticated users to initiate password resets. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2022-44004

Affected Products

Backclick Professional