Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests.
Metrics
Affected Vendors & Products
References
History
Mon, 30 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: INCIBE
Published: 2023-09-04T12:49:47.169Z
Updated: 2024-09-30T18:46:16.475Z
Reserved: 2023-06-13T15:40:03.340Z
Link: CVE-2023-3222
Vulnrichment
Updated: 2024-08-02T06:48:07.832Z
NVD
Status : Modified
Published: 2023-09-04T13:15:33.987
Modified: 2024-11-21T08:16:43.900
Link: CVE-2023-3222
Redhat
No data.