PT-2023-13003 · Talend · Talend Administration Center
Alexis Pain · Published 2023-01-10 · Updated 2024-07-03 · CVE-2022-30332
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Talend Administration Center version 7.3.1.20200219
Description
The Forgot Password feature in the affected software provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests to the Forgot Password feature.
Recommendations
For Talend Administration Center version 7.3.1.20200219, update to a version that includes the fix for this issue (a version after TAC-15950) to resolve the account enumeration vulnerability. As a temporary workaround, consider restricting access to the Forgot Password feature to reduce the risk of exploitation.
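The response difference described above, next to a handler that answers every request identically, as an added example that is not Talend's code. The names `ACCOUNTS`, `OUTBOX`, the handler functions and the message strings are assumptions made for illustration.

```python
import secrets

# Constructed sample data: the only registered address in this example.
ACCOUNTS = {"alice@example.com"}
OUTBOX = []  # hypothetical stand-in for an asynchronous mail queue

GENERIC = (200, "If the address is registered, a reset link has been sent.")


def forgot_password_vulnerable(email):
    """Behaviour the advisory describes: the reply depends on account existence."""
    normalized = email.strip().lower()
    if normalized not in ACCOUNTS:
        return (404, "No account is associated with this email address.")
    OUTBOX.append((normalized, secrets.token_urlsafe(32)))
    return (200, "A reset link has been sent.")


def forgot_password_hardened(email):
    """Same status and body for every request; only the side effect differs."""
    normalized = email.strip().lower()
    token = secrets.token_urlsafe(32)  # generated in both branches
    if normalized in ACCOUNTS:
        OUTBOX.append((normalized, token))  # queued, delivered out of band
    return GENERIC


def leaks_account_existence(handler, known, unknown):
    """Regression check: True if the two replies can be told apart."""
    return handler(known) != handler(unknown)


if __name__ == "__main__":
    for handler in (forgot_password_vulnerable, forgot_password_hardened):
        leaks = leaks_account_existence(
            handler, "alice@example.com", "nobody@example.com"
        )
        print(f"{handler.__name__}: distinguishable replies = {leaks}")
```

The same comparison can be kept as a regression test so that a later change to the reset flow cannot reintroduce distinct replies; mail delivery is queued so that response time does not depend on whether the account exists.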
Fix
Side Channel Attack
Affected Products
Talend Administration Center