Vulnerability Information
Vulnerability Title
LDAP Tool Box Self Service Password 1.5.2 Account Takeover via HTTP Host Header
Vulnerability Description
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate the HTTP Host header during token generation. Attackers can craft malicious password reset requests that cause the generated tokens to be sent to an attacker-controlled server, enabling potential account takeover by intercepting and using the stolen reset tokens.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Weak Password Recovery Mechanism for Forgotten Password
Vulnerability Title
LDAP Tool Box Self Service Password Authorization Issue Vulnerability
Vulnerability Description
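LDAP Tool Box Self Service Password is an open-source PHP application from LDAP Tool Box that allows users to change their passwords in an LDAP directory. LDAP Tool Box Self Service Password version 1.5.2 contains an authorization issue vulnerability, which stems from improper generation of password reset tokens and may lead to account takeover.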
CVSS Information
N/A
Vulnerability Type
N/A