Weak Password Recovery Mechanism for Forgotten Password

CVE-2018-12315

Medium

6.5/10

Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.

The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.