PT-2025-50526 · Unknown · Screen Sft Dab

Published: 2025-12-10 · Updated: 2026-01-02 · CVE-2023-53775

CVSS v4.0: 7.1 (High)

Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Screen SFT DAB version 1.9.3

Description

Screen SFT DAB 1.9.3 has a flaw in its authentication process, allowing unauthorized modification of user passwords. This is due to weak session management controls, specifically the reuse of IP-bound session identifiers. Attackers can exploit this to issue unauthorized requests to the userManager API and change user credentials without valid authentication. The vulnerability allows attackers to bypass authentication checks.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the userManager API to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration: Session Fixation

Related Identifiers: CVE-2023-53775

Affected Products: Screen Sft Dab