CVE-2023-35134
Last Updated: April 8, 2024
Weintek Weincloud Weak Password Recovery Mechanism for Forgotten Password Vulnerability
Publication Date: 2023-07-18
Severity Level: High
Vulnerability Details
Affected Vendor: Weintek
Affected Product: Weincloud Account API
Affected Versions: Versions 0.13.6 and prior
Description
The affected product could allow an attacker to reset a password with the corresponding account's JWT token only.
Remediation
Solution: Fixed in version v0.13.8
Credit
Hank Chen of TXOne Networks
Questions About This Advisory?
Our PSIRT team is here to help with security-related inquiries.
psirt@txone.com