Weak Password Recovery Mechanism in Progress Sitefinity 12.1 due to Mishandling of HTTP Host Header

Weak Password Recovery Mechanism in Progress Sitefinity 12.1 due to Mishandling of HTTP Host Header

CVE-2019-17392 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.

Learn more about our Web Application Penetration Testing UK.