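Vulnerability Title
Soar Cloud Ltd. HR Portal - Weak Password Recovery Mechanism for Forgotten Password
Vulnerability Description
Soar Cloud Ltd. HR Portal - Weak Password Recovery Mechanism for Forgotten Password
CVSS Information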
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Category
Weak Password Recovery Mechanism for Forgotten Password
Vulnerability Title
Soar Cloud Ltd. HR Portal - Weak Password Recovery Mechanism for Forgotten Password
Vulnerability Description
Soar Cloud Ltd. HR Portal has a weak password recovery mechanism for forgotten passwords. The password reset link is sent out through e-mail, and the link remains valid after the password has been reset and after the expected expiration date. An attacker who has access to the browser history or who has the link can thus use the URL again to change the password and take over the account.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
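Vulnerability Category
Weak Password Recovery Mechanism for Forgotten Password
Vulnerability Title
Soar Cloud HR Portal Authorization Issue Vulnerability
Vulnerability Description
Soar Cloud HR Portal is a human resources application from Soar Cloud. Soar Cloud HR Portal has an authorization issue vulnerability that stems from a weak password recovery mechanism for forgotten passwords. An attacker who has access to the browser history or who has the link can use the URL again to change the password and thereby take over the account.
CVSS Information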
N/A
Vulnerability Category
Authorization Issue