VYPR
Unrated severityNVD Advisory· Published Sep 7, 2023· Updated Sep 26, 2024

Soar Cloud Ltd. HR Portal - Weak Password Recovery Mechanism for Forgotten Password

CVE-2023-34357

Description

Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has the line can thus use the URL again to change the password in order to take over the account.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.