3 matches found
CVE-2022-29174 Predictable password reset token may lead to account takeover in countly-server
countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this...
CVE-2022-29174 Predictable password reset token may lead to account takeover in countly-server
countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this...
CVE-2022-29174
CVE-2022-29174 affects countly-server. Prior to patch releases, an attacker who knows an account’s email/username and full name stored in the database could guess the password reset token, enabling password reset and potential account takeover. The issue is addressed in Countly Server version 22....