Weintek Weincloud Weak Password Recovery Mechanism for Forgotten Password Vulnerability

2023-07-18

 

CVE ID CVE-2023-35134
Severity High
Affected Vendors Weintek
Affected Products Weincloud Account API: Versions 0.13.6 and prior
Vulnerability Details The affected product could allow an attacker to reset a password with the corresponding account’s JWT token only.
Solutions & Rules · Fixed in version v0.13.8
Credit Hank Chen of TXOne Networks