2024-10-04 00:00:00
mitre
PUBLISHED
TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user.