CVE-2023-34357

CVSS v3 Score
7.8
High

Vulnerability Description

Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The password reset link is sent out by e-mail, and the link remains valid after the password has been reset and after the expected expiration date. An attacker who has access to the browser history or who has the link can thus use the URL again to change the password and take over the account.

CVSS:7.8(High)

In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, ther...

CVSS:7.8(High)

The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY...

CVSS:7.8(High)

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid e...

CVSS:7.6(High)

Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized ...

CVSS:8.0(High)

In the “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that are associated with a deleted user id, which makes it possible f...

CVSS:8.0(High)

A weak password recovery mechanism in the CDeX application allows retrieval of the password reset token. This issue affects CDeX application versions through 5.7.1.