Filtered by vendor Password Recovery Project
Subscribe
Filtered by product Password Recovery
Subscribe
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3222 | 1 Password Recovery Project | 1 Password Recovery | 2024-02-28 | N/A | 7.5 HIGH |
| Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing userĀ“s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests. | |||||
| CVE-2023-3221 | 1 Password Recovery Project | 1 Password Recovery | 2024-02-28 | N/A | 5.3 MEDIUM |
| User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database. | |||||