3 matches found
CVE-2019-10641
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password...
CVE-2019-10641
Contao contains a session invalidation flaw: existing user sessions are not properly invalidated when a password is changed. Affected versions include Contao 3.* up to 3.5.38 and Contao 4.x up to 4.7.2, with the fix released in Contao 3.5.39, 4.4.37, or 4.7.3. The issue, identified in CVE-2019-10...
Session invalidation upon password changes
Date : 2019-04-09 CVE ID : CVE-2019-10641 Description Security researcher Ali Razzaq has discovered that existing sessions are not correctly invalidated when a user changes their password in the back end or front end. Affected versions Contao 3. up to 3.5.38 Contao 4.0 Contao 4.1 Contao 4.2 Conta...