Open eClass Insecure Password Reset Token Reuse Enables Account Takeover

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an insecure password reset mechanism allows local attackers to reuse a valid password reset token after it has already been used, enabling unauthorized password changes and potential account takeover. This issue has been patched in version 4.2.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

不充分的会话过期机制

Open eClass 代码问题漏洞

Open eClass是Greek Universities Network开源的一个电子课堂系统。 Open eClass 4.2之前版本存在代码问题漏洞，该漏洞源于不安全的密码重置机制，可能导致本地攻击者重用已使用的密码重置令牌，从而进行未经授权的密码更改。

N/A

N/A