Security Advisory

CVE-2023-3222

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-09-04 12:49:47

Last updated 2024-09-30 18:46:16

Assigner INCIBE

State PUBLISHED

Description

Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests.

← Browse all CVEs View on cve.org ↗