Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://secpro.llc/emsigner-cve-2/ |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-11-14T00:00:00
Updated: 2024-08-02T19:52:11.907Z
Reserved: 2023-09-25T00:00:00
Link: CVE-2023-43902
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-11-14T05:15:08.833
Modified: 2023-11-17T22:07:30.403
Link: CVE-2023-43902
Redhat
No data.