PT-2024-32806 · Unknown · Lif Authentication Server

Superior126 · Published 2024-10-04 · Updated 2024-11-13 · CVE-2024-47768

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Lif Authentication Server versions prior to 1.7.3

Description: The account recovery system of the Lif Authentication Server does not verify that the user has received the recovery email and entered the correct code. An attacker who knows the target's email address can submit that address alone and have the server update the account password without ever presenting the code.

Recommendations: For versions prior to 1.7.3, update to version 1.7.3 to resolve the issue. As a temporary workaround, restrict access to the account recovery system until the patch is applied.
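As an added illustration, not code from the Lif Authentication Server project, the following Python sketch contrasts the reset-handler pattern the advisory describes, where the email address alone authorises the password change, with a hardened handler that changes the password only when the caller presents the unexpired, single-use code that was mailed to the account holder. The in-memory store, the function names, the code format and the limits are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 15 * 60   # assumed lifetime of a recovery code
MAX_ATTEMPTS = 5             # assumed guess budget per issued code


def _hash_password(password, salt=None):
    """Salted PBKDF2 hash, stored as 'salt_hex:digest_hex'."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + ":" + digest.hex()


def _hash_code(email, code):
    """Only a hash of the recovery code is kept server-side."""
    return hashlib.sha256(f"{email}:{code}".encode()).hexdigest()


# Constructed in-memory stores standing in for the server's database.
USERS = {"alice@example.com": {"password_hash": _hash_password("correct horse")}}
RECOVERY = {}  # email -> {"code_hash", "expires", "attempts"}


def verify_password(email, password):
    stored = USERS.get(email, {}).get("password_hash")
    if not stored:
        return False
    salt_hex, _ = stored.split(":")
    return hmac.compare_digest(_hash_password(password, bytes.fromhex(salt_hex)), stored)


def issue_recovery_code(email, now=None):
    """Generate a one-time code for the account and record only its hash.
    Returns the code so the caller can e-mail it to the account holder."""
    if email not in USERS:
        return None  # the HTTP response should still look identical to avoid enumeration
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    RECOVERY[email] = {"code_hash": _hash_code(email, code),
                       "expires": now + CODE_TTL_SECONDS,
                       "attempts": 0}
    return code


def reset_password_vulnerable(email, new_password):
    """The flaw the advisory describes: knowing the e-mail address is enough."""
    if email not in USERS:
        return False
    USERS[email]["password_hash"] = _hash_password(new_password)
    return True


def reset_password_fixed(email, code, new_password, now=None):
    """Change the password only if a live, unused, matching code exists."""
    pending = RECOVERY.get(email)
    if pending is None or email not in USERS:
        return False
    now = time.time() if now is None else now
    if now > pending["expires"] or pending["attempts"] >= MAX_ATTEMPTS:
        RECOVERY.pop(email, None)        # expired or brute-forced: invalidate
        return False
    pending["attempts"] += 1
    if not hmac.compare_digest(pending["code_hash"], _hash_code(email, code or "")):
        return False
    RECOVERY.pop(email)                  # single use
    USERS[email]["password_hash"] = _hash_password(new_password)
    return True


if __name__ == "__main__":
    print("vulnerable reset without code:", reset_password_vulnerable("alice@example.com", "attacker-chosen"))
    print("fixed reset without code:", reset_password_fixed("alice@example.com", None, "attacker-chosen"))
    mailed = issue_recovery_code("alice@example.com")
    print("fixed reset with mailed code:", reset_password_fixed("alice@example.com", mailed, "new-secret"))
```

The hardened handler binds the reset to possession of the mailed code, caps guesses, expires the code and discards it after one use; the server keeps only a hash of the code, so a database read does not yield usable codes.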

Exploit

Fix

Weakness Enumeration: Improper Authentication; Missing Authorization

Related Identifiers: CVE-2024-47768; GHSA-HMV6-8FG8-7M6F

Affected Products: Lif Authentication Server