PT-2024-31865 · Unknown · Lines Police Cad

Sourajeet Majumder · Published 2024-09-26 · Updated 2024-10-01 · CVE-2024-45979

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Lines Police CAD version 1.0

Description
A host header injection issue allows attackers to obtain the password reset token via user interaction with a crafted password reset link, enabling them to arbitrarily reset other users' passwords and compromise their accounts.

Recommendations
For Lines Police CAD version 1.0, consider disabling the password reset functionality until a patch is available, to prevent exploitation of the host header injection issue. Restrict access to the password reset link to minimize the risk of attackers obtaining the password reset token. Avoid following crafted password reset links, since user interaction with them could lead to account compromise.
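
The weakness class described above, as an added illustration that is not Lines Police CAD's code: a reset-link builder that takes the link's host from the request's Host header, beside one that validates the header and builds the link from configuration. The function names, the `/reset` path, the `example.org` hosts and the plain-dict header model are all assumptions.

```python
# Added illustration; not code from Lines Police CAD. All names, hosts and the
# /reset path are hypothetical. Headers are modelled as a plain dict.
import secrets
from urllib.parse import urlencode, urlsplit

CANONICAL_ORIGIN = "https://cad.example.org"  # assumed deployment setting
ALLOWED_HOSTS = {"cad.example.org"}           # assumed allowlist


def reset_link_vulnerable(headers: dict, token: str) -> str:
    """Weak pattern: the link's host is whatever the client sent as Host."""
    return f"https://{headers.get('Host', '')}/reset?" + urlencode({"token": token})


def host_is_allowed(headers: dict) -> bool:
    """True only if Host is present and every host-like header is allowlisted."""
    if "Host" not in headers:
        return False
    for name in ("Host", "X-Forwarded-Host"):
        value = headers.get(name)
        if value is None:
            continue
        try:
            # .hostname drops any port or userinfo and lowercases the name.
            hostname = urlsplit("//" + value.strip()).hostname
        except ValueError:  # malformed value, e.g. an unclosed IPv6 bracket
            return False
        if hostname not in ALLOWED_HOSTS:
            return False
    return True


def reset_link_hardened(headers: dict, token: str) -> str:
    """Validate Host, then build the link from configuration only."""
    if not host_is_allowed(headers):
        raise ValueError("unexpected Host header; reset e-mail not sent")
    return f"{CANONICAL_ORIGIN}/reset?" + urlencode({"token": token})


if __name__ == "__main__":
    token = secrets.token_urlsafe(32)
    # Constructed requests: one with the expected host, one with a foreign host.
    for hdrs in ({"Host": "cad.example.org"}, {"Host": "other.example.net"}):
        print("weak:    ", reset_link_vulnerable(hdrs, token))
        try:
            print("hardened:", reset_link_hardened(hdrs, token))
        except ValueError as exc:
            print("hardened: rejected:", exc)
```

Rejecting the request and building the link from configuration are independent controls; the second alone keeps the token off any foreign host even if a proxy rewrites headers.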

Exploit

Fix

Open Redirect

Weakness Enumeration

Related Identifiers: CVE-2024-45979

Affected Products: Lines Police Cad