2025-10-31 18:31:42
cisa-cg
PUBLISHED
ELOG allows an authenticated user to modify another users profile. An attacker can edit a target users email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration.