2 matches found
CVE-2021-25323
The default setting of MISP 2.4.136 did not enable the requirements aka requirepasswordconfirmation to provide the previous password when changing a password...
CVE-2021-25323
The CVE-2021-25323 issue concerns MISP version 2.4.136 where the default configuration did not require the current password (require_password_confirmation) when changing a password. Root cause: the default setting omits verification of the existing password during password changes. Impact: elevat...