Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hundred Plus|EIP Plus - Weak Password Recovery Mechanism
Vulnerability Description
EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
忘记口令恢复机制弱
Vulnerability Title
Hundred Plus EIP Plus 授权问题漏洞
Vulnerability Description
Hundred Plus EIP Plus是中国台湾百加资通(Hundred Plus)公司的一个企业管理软件。 Hundred Plus EIP Plus存在授权问题漏洞,该漏洞源于密码恢复机制薄弱,可能导致未经身份验证的远程攻击者预测或暴力破解密码重置链接。
CVSS Information
N/A
Vulnerability Type
N/A