A vulnerability in the password recovery mechanism of the Password Recovery plugin for Roundcube, version 1.2, could allow a remote attacker to change an existing user's password by adding a 6-digit numeric token. Because the platform has no limit on the number of requests, an attacker could create an automated script to test all possible values.

History

Mon, 30 Sep 2024 19:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2023-09-04T12:49:47.169Z

Updated: 2024-09-30T18:46:16.475Z

Reserved: 2023-06-13T15:40:03.340Z

Link: CVE-2023-3222

Vulnrichment

Updated: 2024-08-02T06:48:07.832Z

NVD

Status: Modified

Published: 2023-09-04T13:15:33.987

Modified: 2024-11-21T08:16:43.900

Link: CVE-2023-3222

Redhat

No data.