2 matches found
CVE-2018-1000554
Trovebox version = 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in user component that can result in Password reset. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed...
CVE-2018-1000554
CVE-2018-1000554 affects Trovebox before or equal to 4.0.0-rc6, where the password-reset token generation in the user component is insecure. An attacker could exploit this flaw by sending an HTTP request to trigger a password reset, potentially compromising accounts. The issue is described as a t...