VYPR
Unrated severityNVD Advisory· Published Mar 8, 2022· Updated Aug 3, 2024

CVE-2022-26314

CVE-2022-26314

Description

A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to efficiently brute force passwords in specific situations.

Affected products

3
  • >=3.3.0 <3.5.1; <3.2.2 (Mendix 7 compatible)+ 2 more
    • (no CPE)range: >=3.3.0 <3.5.1; <3.2.2 (Mendix 7 compatible)
    • (no CPE)range: All versions >= V3.3.0 < V3.5.1
    • (no CPE)range: All versions < V3.2.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.