Password Policy Bypass Vulnerability in MB connect line mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and myREX24.virtual (v2.11.2)
CVE-2021-34574 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
In MB connect line mymbCONNECT24 and mbCONNECT24, and Helmholz myREX24 and myREX24.virtual, in all versions through v2.11.2, an authenticated attacker can change the password of their account to a new password that violates the password policy by intercepting and modifying the request that is sent to the server.
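A bypass of this kind is closed by having the server re-check the policy on every password-change request, whatever the client sends. The sketch below is an added example, not code from the advisory or the vendor; the policy rules, the handler and field names, and the `policy_ok` flag are assumptions, since the advisory does not describe them.

```python
import hashlib
import os
import re
from dataclasses import dataclass

# Assumed policy for illustration; the advisory does not state the product's rules.
MIN_LENGTH = 12
REQUIRED_CLASSES = {
    "lowercase letter": re.compile(r"[a-z]"),
    "uppercase letter": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}

def policy_violations(password: str, username: str) -> list[str]:
    """Return every rule the candidate password breaks (empty list = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in REQUIRED_CLASSES.items():
        if not pattern.search(password):
            problems.append(f"missing {name}")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    return problems

@dataclass
class Response:
    status: int
    errors: list

def handle_password_change(session_user: str, body: dict, store: dict) -> Response:
    """Hypothetical server-side handler for a change-password request.

    Only the new password is read from the body. Client-asserted fields such
    as a 'policy_ok' flag are ignored, so a request modified in transit is
    judged by the same rules as one sent by the unmodified UI.
    """
    new_password = body.get("new_password")
    if not isinstance(new_password, str):
        return Response(400, ["new_password must be a string"])
    problems = policy_violations(new_password, session_user)
    if problems:
        return Response(422, problems)  # rejected; stored credential unchanged
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000)
    store[session_user] = (salt, digest)  # store a salted hash, never the password
    return Response(200, [])
```

Logging the 422 responses per account gives a detection signal: a policy rejection for a password the web form would never have submitted suggests the request was edited outside the UI.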