CVE-2023-34357

Soar Cloud Ltd. HR Portal - Weak Password Recovery Mechanism for Forgotten Password

CVSS 7.8 HIGHEPSS 0.2%CWE-640

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

07 Sep 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has the line can thus use the URL again to change the password in order to take over the account.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Soar Cloud Ltd. · HR Portal

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.twcert.org.tw/tw/cp-132-7347-2653e-1.html