CVE-2023-34357

nvd nist
Published: Sep 7, 2023
Modified: Nov 21, 2024

CVSS 3.1 base score: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: twcert@cert.org.tw (Secondary)

Description

Soar Cloud Ltd. HR Portal has a Weak Password Recovery Mechanism for Forgotten Password. The password reset link is sent out through e-mail, and the link remains valid after the password has been reset and after the expected expiration date. An attacker who has access to the browser history or who has the link can thus use the URL again to change the password and take over the account.

Affected (2)

Products: Scshr: Hr Portal
1 product
Hr Portal
Configuration A
2 vulnerable
Vulnerable Software: Scshr
Affected Versions: 7.3.2023.0510, 7.3.2023.0705

References (2)

Source: twcert@cert.org.tw
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
