4 matches found
CVE-2020-14930
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but i...
Design/Logic Flaw
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but i...
CVE-2020-14930
The CVE-2020-14930 issue affects BT CTROMS Terminal OS Port Portal CT-464. The password-reset flow discloses the verification token in response to a getverificationcode.jsp request, sending the token not only to the user’s registered phone but also to an unauthenticated HTTP client. This could en...
CVE-2020-14930
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but i...