CVE-2019-12943

2019-09-1020:51:05

mitre

www.cve.org

AI Score

7.9

Confidence

High

EPSS

0.002

Percentile

64.8%

JSON

TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names.

References

www.kth.se/polopoly_fs/1.923564.1568098316%21/Vulnerability_Report_TTLock_Password_Reset.pdf