PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
http://forge.prestashop.com/browse/BOOM-4613 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-01-13T05:00:00
Updated: 2024-08-05T05:40:51.041Z
Reserved: 2018-01-12T00:00:00
Link: CVE-2018-5682
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-01-13T05:29:00.247
Modified: 2024-11-21T04:09:09.393
Link: CVE-2018-5682
Redhat
No data.