Vulnerability Information
Vulnerability Title
Soar Cloud Ltd. HR Portal - Weak Password Recovery Mechanism for Forgotten Password
Vulnerability Description
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The password reset link is sent out through e-mail, and it remains valid after the password has been reset and after the expected expiration date. An attacker who has access to the browser history or who has the link can thus use the URL again to change the password and take over the account.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Weak Password Recovery Mechanism for Forgotten Password
Vulnerability Title
Soar Cloud HR Portal Authorization Issue Vulnerability
Vulnerability Description
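Soar Cloud HR Portal is a human resources application from Soar Cloud. Soar Cloud HR Portal has an authorization issue vulnerability that stems from a weak password recovery mechanism for forgotten passwords. An attacker who has access to the browser history or who has the link can use the URL again to change the password and thereby take over the account.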
CVSS Information
N/A
Vulnerability Type
N/A