Password Recovery Project: >> Password Recovery >> 1.2 Security Vulnerabilities
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing userĀ“s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-09-04
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-09-04