5 matches found
CVE-2023-34357
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has...
Default credentials
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has...
CVE-2023-34357 Soar Cloud Ltd. HR Portal - Weak Password Recovery Mechanism for Forgotten Password
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has...
CVE-2023-34357
Soar Cloud Ltd. HR Portal is affected by CVE-2023-34357 due to a weak password recovery mechanism: the password-reset link sent by email remains valid after a reset and past its expiration, enabling an attacker who can access the link (e.g., via browser history) to reuse it and change the passwor...
CVE-2023-34357 Soar Cloud Ltd. HR Portal - Weak Password Recovery Mechanism for Forgotten Password
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has...