2 matches found
CVE-2023-3221
CVE-2023-3221 affects Roundcube’s Password Recovery plugin (version 1.2). The vulnerability is a user enumeration flaw in the password recovery function, enabling a remote attacker to enumerate all users in the database. Impact is limited to information disclosure; exploitation status is not prov...
CVE-2023-3222
The CVE-2023-3222 entry concerns the Password Recovery plugin for Roundcube (version 1.2). The vulnerability arises in the password recovery mechanism, allowing a remote attacker to change an existing user’s password by guessing a 6-digit numeric token, with no request-rate limiting. Affected com...