Vulnerability CVE-2020-27422


Published: 2020-11-16

Description:
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user does not expire once used, allowing an attacker to reuse the same link to take over the account.

See advisories in our WLB2 database:
Risk | Topic | Author | Date
Med. | Anuko Time Tracker 1.19.23.5311 Password Reset | Mufaddal Masalaw... | 13.11.2020
Low | Anuko Time Tracker 1.19.23.5311 Password Reset leading to Account Takeover | Mufaddal Masalaw... | 10.12.2020

References:
https://packetstormsecurity.com/files/160051/Anuko-Time-Tracker-1.19.23.5311-Password-Reset.html
https://www.anuko.com/time-tracker/index.htm

Copyright 2021, cxsecurity.com

 
