An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a users password hash will be able to use it to directly login into the account, leading to increased privileges.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Avideo | Wwbn | 11.6 (including) | 11.6 (including) |