A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to efficiently brute force passwords in specific situations.
[
{
"product": "Mendix Forgot Password Appstore module",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions >= V3.3.0 < V3.5.1"
}
]
},
{
"product": "Mendix Forgot Password Appstore module (Mendix 7 compatible)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V3.2.2"
}
]
}
]