Bypassing Password Change Prohibition via Forgotten Password Email in Plone

CVE-2013-4198 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.