Password Reset Link Expiration Vulnerability in Anuko Time Tracker v1.19.23.5311

Password Reset Link Expiration Vulnerability in Anuko Time Tracker v1.19.23.5311

CVE-2020-27422 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account.

Learn more about our User Device Pen Test.