CVE-2023-3221

User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database...

Design/Logic Flaw

User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database...

CVE-2023-3222 Vulnerability in the password recovery mechanism of Roundcube Password Recovery Plugin

Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values...

Roundcube Password Recovery plugin security vulnerability

Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A security vulnerability exists in the Roundcube Password Recovery plugin version 1.2, which stems from a user enumeration vulnerability that could allo...

PT-2023-23662 · Roundcube · Roundcube Password Recovery Plugin

Name of the Vulnerable Software and Affected Versions: Roundcube Password Recovery plugin version 1.2 Description: The issue allows a remote attacker to create a test script against the password recovery function to enumerate all users in the database. This is a user enumeration vulnerability in...