2 matches found
CVE-2019-13240
GLPI before 9.4.1 has a password-reset flow flaw: after a user resets their password, an attacker could change that user’s password again within the next 24 hours using only the associated email address. This is addressed in GLPI 9.4.1 (released 2019-07-xx) per the linked references. Impact is li...
CVE-2019-13240
An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address...