Incorrect access control in the Forgot Your Password...
Critical severity
Unreviewed
Published
Nov 14, 2023
to the GitHub Advisory Database
•
Updated Jan 8, 2025
Description
Published by the National Vulnerability Database
Nov 14, 2023
Published to the GitHub Advisory Database
Nov 14, 2023
Last updated
Jan 8, 2025
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token.
References