Cleartext Password Leakage in MFScripts YetiShare User-Introduction Email

Cleartext Password Leakage in MFScripts YetiShare User-Introduction Email

CVE-2019-20061 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password.

Learn more about our User Device Pen Test.