OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request, the user can obtain the real email address; by sending the same request with the correct email, account takeover is possible.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ocomon | Ocomon_project | * | 4.0 (excluding) |
Ocomon | Ocomon_project | 4.0 (including) | 4.0 (including) |
Ocomon | Ocomon_project | 4.0-rc1 (including) | 4.0-rc1 (including) |