CVE-2024-38287

Name of the Vulnerable Software and Affected Versions R-HUB TurboMeeting versions through 8.x

Description The password-reset mechanism in the Forgot Password functionality allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value.

Recommendations For R-HUB TurboMeeting versions through 8.x, consider temporarily disabling the Forgot Password functionality until a patch is available to prevent unauthorized password resets. Restrict access to the administrator account to minimize the risk of exploitation. Avoid using the Forgot Password feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.