CVE Vulnerabilities

CVE-2024-26520

Unverified Password Change

Published: Jul 26, 2024 | Modified: Nov 21, 2024
CVSS 3.x: N/A | Source: NVD

An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets.

Weakness

When setting a new password for a user, the product does not require knowledge of the original password or the use of another form of authentication.
