Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token.
References
Link | Resource |
---|---|
https://secpro.llc/emsigner-cve-2/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-11-14T00:00:00
Updated: 2023-11-14T05:03:43.984878
Reserved: 2023-09-25T00:00:00
Link: CVE-2023-43902
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-14T05:15:08.833
Modified: 2023-11-17T22:07:30.403
Link: CVE-2023-43902
JSON object: View
Redhat Information
No data.
CWE