PT-2025-20728 · Flytxt · Flytxt Neon-Dx
Published: 2025-05-12 · Updated: 2025-05-12 · CVE-2023-34732
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Flytxt NEON-dX version 0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c
Description
The issue concerns the userId parameter in the change password function, allowing attackers to execute brute force attacks to discover user passwords. This could potentially lead to unauthorized access to user accounts.
Recommendations
For Flytxt NEON-dX version 0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c, consider restricting access to the change password function to minimize the risk of exploitation. As a temporary workaround, avoid using the userId parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Restriction of Excessive Authentication Attempts
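One way to apply the workaround and address the weakness class named above, as an added example (not Flytxt's code): the handler takes the target account from the authenticated session instead of a request-supplied userId, and caps failed current-password checks per account. The class, method names, return values, policy constants and in-memory stores are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5        # assumed policy: failed checks allowed per window
WINDOW_SECONDS = 900    # assumed policy: 15-minute sliding window


def hash_password(password, salt):
    # PBKDF2 stands in for whatever password hashing the real application uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PasswordChangeService:
    """Hypothetical handler logic; in-memory dicts stand in for a database."""

    def __init__(self, clock):
        self.clock = clock      # injected so the window can be tested
        self.credentials = {}   # account id -> (salt, password hash)
        self.failures = {}      # account id -> timestamps of recent failures

    def register(self, account, password):
        salt = os.urandom(16)
        self.credentials[account] = (salt, hash_password(password, salt))

    def _recent_failures(self, account):
        cutoff = self.clock() - WINDOW_SECONDS
        recent = [t for t in self.failures.get(account, []) if t > cutoff]
        self.failures[account] = recent
        return recent

    def change_password(self, session_account, current, new, requested_user_id=None):
        # The target is always the authenticated session's account. A userId
        # in the request that names a different account is rejected outright.
        if requested_user_id is not None and requested_user_id != session_account:
            return "forbidden"
        recent = self._recent_failures(session_account)
        if len(recent) >= MAX_FAILURES:
            return "locked"     # refused before the password is even checked
        salt, stored = self.credentials[session_account]
        if not hmac.compare_digest(hash_password(current, salt), stored):
            recent.append(self.clock())
            return "wrong_password"
        self.failures.pop(session_account, None)
        self.register(session_account, new)
        return "changed"
```

Because the lock is evaluated before the password comparison, a correct guess submitted during the lockout window returns the same "locked" result as a wrong one.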
Weakness Enumeration
Related Identifiers
Affected Products
Flytxt Neon-Dx