4 matches found
Exploit for Missing Authentication for Critical Function in Clickstudios Passwordstate
CVE-2020-26061 ClickStudios Passwordstate Password Reset Por...
CVE-2020-26061
ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questions. An unauthenticated, remote attacker can send a crafted...
CVE-2020-26061
ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questions. An unauthenticated, remote attacker can send a crafted...
CVE-2020-26061
The CVE concerns ClickStudios Passwordstate (password manager) prior to 8.5 build 8501. The ResetPassword function does not verify whether the user is authenticated via security questions, allowing an unauthenticated, remote attacker to send a crafted HTTP request to /account/ResetPassword to set...