CVE-2024-34077

Name of the Vulnerable Software and Affected Versions MantisBT versions prior to 2.26.2

Description Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e for 5 minutes after the confirmation URL sent by e-mail has been opened, and the user did not complete the process by updating their password. A brute-force attack calling "account update.php" with increasing user IDs is possible. A successful takeover would grant the attacker full access to the compromised account, including sensitive information and functionalities associated with the account.

Recommendations For versions prior to 2.26.2, update to version 2.26.2 to resolve the issue. As a temporary workaround, consider reducing the verification token's validity by changing the value of the TOKEN EXPIRY AUTHENTICATED constant in constants inc.php.