
CVE-2023-35134
Last Updated: July 18, 2023
Weintek Weincloud Weak Password Recovery Mechanism for Forgotten Password Vulnerability
| CVE ID | CVE-2023-35134 |
|---|---|
| Severity | High |
| Affected Vendors | Weintek |
| Affected Products | Weincloud Account API: Versions 0.13.6 and prior |
| Vulnerability Details | The affected product could allow an attacker to reset a password with the corresponding account’s JWT token only. |
| Solutions & Rules | Fixed in version v0.13.8 |
| Credit | Hank Chen of TXOne Networks |
Questions About This Advisory?
Our PSIRT team is here to help with security-related inquiries.
security@txone.com