CVE-2017-18486
Jitbit Helpdesk (before 9.0.3) is affected by an authentication flaw caused by mishandling of the User/AutoLogin userHash parameter. Tokens issued in the password-reset flow can be analyzed to recover the shared secret used for remote authentication, which is derived from a weak PRNG, enabling an attacker to forge tokens for an...