3 matches found
CVE-2022-29174 Predictable password reset token may lead to account takeover in countly-server
countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this...
CVE-2022-29174
CVE-2022-29174 affects countly-server. Prior to patch releases, an attacker who knows an account’s email/username and full name stored in the database could guess the password reset token, enabling password reset and potential account takeover. The issue is addressed in Countly Server version 22....
CVE-2022-29174 Predictable password reset token may lead to account takeover in countly-server
countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this...