An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user. This way you can verify which users are in the system and which are not.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.gov.il/en/departments/faq/cve_advisories |
History
No history.
MITRE
Status: PUBLISHED
Assigner: INCD
Published: 2022-07-06T13:11:31.992137Z
Updated: 2024-09-16T17:23:25.336Z
Reserved: 2022-01-11T00:00:00
Link: CVE-2022-23172
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-07-06T14:15:18.267
Modified: 2024-11-21T06:48:07.793
Link: CVE-2022-23172
Redhat
No data.