3 matches found
CVE-2020-28208
An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1...
CVE-2020-28208
Rocket.Chat up to version 3.9.1 is affected by an information-disclosure vulnerability in the password-reset function that allows an attacker to enumerate registered email addresses. The root cause is information exposure via the reset workflow, enabling potential access to sensitive information....
Rocket.Chat 3.7.1 Email Address Enumeration
Trovent Security Advisory 2010-01 Email address enumeration in reset password Overview Advisory ID: TRSA-2010-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2010-01 Affected product: Web application Rocket.Chat Affected version: = 3.7.1 Vendor:...