3 matches found
CVE-2022-25027
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked...
CVE-2022-25027
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked...
CVE-2022-25027
The CVE-2022-25027 entry concerns Rocket TRUfusion Portal v7.9.2.1, where the Forgotten Password flow can bypass authentication by validating the user’s session token after clicking the Password forgotten?; this is described across multiple sources (NVD, Red Hat CVE entries, OSV) as an authentica...