CVE-2022-23172
5.5
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user. This way you can verify which users are in the system and which are not.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Priority | Priority | 22.0 < 22.0 | affected |
Weaknesses
- User Enumeration
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.