Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HaloITSM - Password Reset Poisoning
Vulnerability Description
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). When these poisoned links get accessed (e.g. manually by the victim or automatically by an email client software), the password reset token is leaked to the malicious actor, allowing them to set a new password for the victim's account.This potentially leads to account takeover attacks.HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Vulnerability Type
忘记口令恢复机制弱
Vulnerability Title
HaloITSM 安全漏洞
Vulnerability Description
HaloITSM是英国HaloITSM公司的一款符合 ITIL 的 ITSM 软件。 HaloITSM 2.146.1版本及之前版本存在安全漏洞,该漏洞源于存在密码重置功能中存在投毒问题。攻击者利用该漏洞可以通过诱骗的方式修改受害者的账户密码。
CVSS Information
N/A
Vulnerability Type
N/A