Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing userĀ“s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: INCIBE
Published: 2023-09-04T12:49:47.169Z
Updated: 2024-08-02T06:48:07.832Z
Reserved: 2023-06-13T15:40:03.340Z
Link: CVE-2023-3222
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-04T13:15:33.987
Modified: 2023-09-08T14:07:29.030
Link: CVE-2023-3222
Redhat
No data.