2 matches found
CVE-2020-27423
Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox...
CVE-2020-27422
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account...