CVE-2022-26314

Summary

A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to efficiently brute force passwords in specific situations.

Affected Software

VendorProductVersion RangeStatus
SiemensMendix Forgot Password Appstore moduleAll versions >= V3.3.0 < V3.5.1affected
SiemensMendix Forgot Password Appstore module (Mendix 7 compatible)All versions < V3.2.2affected

Weaknesses

  • CWE-307: CWE-307: Improper Restriction of Excessive Authentication Attempts

ADP Enrichment

CVE Program Container

Additional References

References