Home > Vulnerability Database > WS-2023-0351

Mend.io Vulnerability Database

WS-2023-0351

Good to know:

Date: September 29, 2023

An Unverified Password Change in openitcockpit before 4.6.8. It allows users to change their password to the same value as their old password has several negative impacts on application security. It enables unauthorized access if an account is compromised. It encourages password recycling, increasing the risk of breaches across multiple accounts. It makes brute-force attacks easier by allowing repeated guessing of the same password. It can create a false sense of security for users and may violate compliance regulations.

Language: PHP

Severity Score

4.3

Related Resources (2)

Url: https://github.com/it-novum/openitcockpit/commit/c0d105023743d08d422ac312

Url: https://www.mend.io/vulnerability-database/WS-2023-0351

Severity Score

4.3

Weakness Type (CWE)

Unverified Password Change

CWE-620

Top Fix

Upgrade Version

Upgrade to version openITCOCKPIT-4.6.8

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2023-0351

Good to know:

Date: September 29, 2023

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?