VYPR

Helpdesk

by Jitbit

CVEs (1)

  • CVE-2017-18486HigAug 9, 2019
    risk 0.47cvss 7.2epss 0.05

    Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the…