Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has the line can thus use the URL again to change the password in order to take over the account.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-7347-2653e-1.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-7347-2653e-1.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:07
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.twcert.org.tw/tw/cp-132-7347-2653e-1.html - Third Party Advisory |
12 Sep 2023, 11:59
Type | Values Removed | Values Added |
---|---|---|
First Time |
Scshr
Scshr hr Portal |
|
CPE | cpe:2.3:a:scshr:hr_portal:7.3.2023.0705:*:*:*:*:*:*:* cpe:2.3:a:scshr:hr_portal:7.3.2023.0510:*:*:*:*:*:*:* |
|
References | (MISC) https://www.twcert.org.tw/tw/cp-132-7347-2653e-1.html - Third Party Advisory |
07 Sep 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-07 03:15
Updated : 2024-11-21 08:07
NVD link : CVE-2023-34357
Mitre link : CVE-2023-34357
CVE.ORG link : CVE-2023-34357
JSON object : View
Products Affected
scshr
- hr_portal
CWE
CWE-640
Weak Password Recovery Mechanism for Forgotten Password