Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2020-26061

ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questions. An unauthenticated, remote attacker can send a crafted HTTP request to the /account/ResetPassword page to set a new password for any registered user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.068
EPSS Ranking 90.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2020-26061


Contact Us

Shodan ® - All rights reserved