In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.whitehack.de/advisories/HWADV2020-001.txt |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-16T01:19:27
Updated: 2024-08-04T16:40:59.803Z
Reserved: 2020-11-16T00:00:00
Link: CVE-2020-28642
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-11-16T02:15:12.970
Modified: 2020-11-30T15:01:00.033
Link: CVE-2020-28642
Redhat
No data.