Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote malicious user to change an existing user´s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
password recovery project password recovery 1.2 |