2026-03-19 15:47:59
cisa-cg
PUBLISHED
OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via ForcePasswordReset.aspx. An attacker who knows an existing users email address can reset the users password and security questions. Existing security questions are not asked during the process.