Weak Password Recovery Mechanism for Forgotten Password

CVE-2023-3007

Medium

6.5/10

Summary

A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file resetPassword.php of the component Password Reset Handler. The manipulation of the argument sid leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230354 is the identifier assigned to this vulnerability.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: LOW

CWE-640 - Weak Password Recovery Mechanism for Forgotten Password

The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References

Advisory Timeline

Published May 31, 2023

Weak Password Recovery Mechanism for Forgotten Password

CVE-2023-3007

Summary

CWE-640 - Weak Password Recovery Mechanism for Forgotten Password

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS