TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names.
References
Configurations
History
07 Nov 2023, 03:03
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-09-10 21:15
Updated : 2024-02-28 17:08
NVD link : CVE-2019-12943
Mitre link : CVE-2019-12943
CVE.ORG link : CVE-2019-12943
JSON object : View
Products Affected
ttlock
- ttlock
CWE
CWE-640
Weak Password Recovery Mechanism for Forgotten Password