2020-11-16 15:49:10
mitre
PUBLISHED
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesnt expire once used, allowing an attacker to use the same link to takeover the account.