CVE-2023-34357

Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has the line can thus use the URL again to change the password in order to take over the account.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-7347-2653e-1.html Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:scshr:hr_portal:7.3.2023.0510:*:*:*:*:*:*:*
cpe:2.3:a:scshr:hr_portal:7.3.2023.0705:*:*:*:*:*:*:*

History

12 Sep 2023, 11:59

Type Values Removed Values Added
First Time Scshr
Scshr hr Portal
CPE cpe:2.3:a:scshr:hr_portal:7.3.2023.0705:*:*:*:*:*:*:*
cpe:2.3:a:scshr:hr_portal:7.3.2023.0510:*:*:*:*:*:*:*
References (MISC) https://www.twcert.org.tw/tw/cp-132-7347-2653e-1.html - (MISC) https://www.twcert.org.tw/tw/cp-132-7347-2653e-1.html - Third Party Advisory

07 Sep 2023, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-07 03:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-34357

Mitre link : CVE-2023-34357

CVE.ORG link : CVE-2023-34357


JSON object : View

Products Affected

scshr

  • hr_portal
CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password