2 matches found
CVE-2021-21352
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In TimeTracker before version 1.19.24.5415 tokens used in password reset feature in Time Tracker are based on system time and, therefore, are predictable. This opens a window for brute force attacks to guess...
CVE-2021-21352
Anuko Time Tracker (PHP) before version 1.19.24.5415 uses time-based tokens in the password-reset feature, enabling brute-force guessing to change user passwords (including admin). The issue is addressed in 1.19.24.5415 (better tokens) and further limited in 1.19.24.5416 with a reduced brute-forc...