Podatność CVE-2024-22454


Publikacja: 2024-02-13

Opis:

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change

Typ:

CWE-640

(Weak Password Recovery Mechanism for Forgotten Password)

 Referencje:
https://www.dell.com/support/kbdoc/en-us/000222025/dsa-2024-061-dell-power-protect-data-manager-update-for-multiple-security-vulnerabilities

Copyright 2024, cxsecurity.com

 

Back to Top