Weintek Weincloud Weak Password Recovery Mechanism for Forgotten Password Vulnerability
2023-07-18
| CVE ID | CVE-2023-35134 |
|---|---|
| Severity | High |
| Affected Vendors | Weintek |
| Affected Products | Weincloud Account API: Versions 0.13.6 and prior |
| Vulnerability Details | The affected product could allow an attacker to reset a password with the corresponding account’s JWT token only. |
| Solutions & Rules | · Fixed in version v0.13.8 |
| Credit | Hank Chen of TXOne Networks |