3 matches found
InvenTree Deploys a Weak Password Change Mechanism
Description When setting a new user password, InvenTree does not require knowledge of the original password or using another form of authentication. Proof of Concept 1. Log in as a regular user 2. Go to the account settings link 3. Select Set Password 4. Enter any 8-character password string this...
Logic Flaw Vulnerability at My NJ Client APP Change Password Function
My Nanjing Client APP is a city-level public service mobile application that integrates all kinds of living information in Nanjing. A logic flaw exists in the password change function of MyNJ Client APP. Since the original password is not verified when changing the password, it allows an attacker...
CVE-2000-0944
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password...