PT-2023-27722 · Fujitsu · Fujitsu Arconte Áurea
Jorge Alberto Palma Reyes +1 · Published 2023-09-19 · Updated 2023-09-21 · CVE-2023-4096
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Fujitsu Arconte Áurea version 1.5.0.0
Description
The issue is a weak password recovery mechanism, which could allow an attacker to brute-force the PIN sent by email and so change the password of a legitimate user.
Recommendations
For Fujitsu Arconte Áurea version 1.5.0.0, consider temporarily restricting the use of the password recovery mechanism until a patch is available. As a mitigation measure, restrict access to the password recovery feature to minimize the risk of exploitation.
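The control whose absence makes an emailed recovery PIN guessable is a bounded guess budget per issued PIN. The sketch below is an added example, not code from Fujitsu or from this advisory; the class and function names are hypothetical, and the PIN length, attempt cap and lifetime are assumed values that the advisory does not state.

```python
import hmac
import secrets
import time

PIN_DIGITS = 6          # assumed; the advisory does not state the PIN length
MAX_ATTEMPTS = 5        # assumed cap on wrong guesses per issued PIN
PIN_TTL_SECONDS = 600   # assumed lifetime of an issued PIN


class RecoveryPinStore:
    """Issues and checks password-recovery PINs with a bounded guess budget."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # user -> [pin, expires_at, failed_attempts]

    def issue(self, user):
        """Create a fresh PIN (to be emailed), replacing any earlier one."""
        pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
        self._pending[user] = [pin, self._clock() + PIN_TTL_SECONDS, 0]
        return pin

    def verify(self, user, guess):
        """Return 'ok', 'invalid' or 'locked'; a PIN never outlives its budget."""
        entry = self._pending.get(user)
        if entry is None:
            return "invalid"
        pin, expires_at, failures = entry
        if self._clock() >= expires_at:
            del self._pending[user]       # expired PINs are discarded
            return "invalid"
        # Constant-time comparison avoids leaking how much of the PIN matched.
        if hmac.compare_digest(pin.encode(), str(guess).encode()):
            del self._pending[user]       # single use
            return "ok"
        entry[2] = failures + 1
        if entry[2] >= MAX_ATTEMPTS:
            del self._pending[user]       # burn the PIN; a new one must be requested
            return "locked"
        return "invalid"


def guess_success_bound(attempts=MAX_ATTEMPTS, digits=PIN_DIGITS):
    """Upper bound on a blind guesser's success chance against one issued PIN."""
    return min(1.0, attempts / 10 ** digits)
```

Issuing a new PIN resets the budget, so PIN requests need their own per-account and per-source rate limit for the bound to hold across repeated requests.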
Affected Products
Fujitsu Arconte Áurea