Affected Component

OpenCRX <=5.2.2 - https://github.com/opencrx/opencrx/

Description

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset, which could enable an attacker to determine if a username, email or ID is valid.

Steps to reproduce

Navigate to the password reset page at the endpoint "/opencrx-core-CRX/RequestPasswordReset.jsp".

Enter an email, username or ID in the text field and click OK.

If the provided email, username or ID is valid, the response will be "Password reset request successful for $username".

If it is not valid, the response will be "Unable to request password reset".

Impact

User enumeration.
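
The response difference described above, modelled as an added example (not OpenCRX code and not the author's): a handler that returns the two quoted messages beside one that answers identically for every input, plus a regression check that flags the difference. The account data, the OUTBOX queue and all function names are assumptions made for the illustration.

```python
# Added illustration: a model of the response logic, not OpenCRX source code.
# ACCOUNTS, OUTBOX and all function names are hypothetical.
ACCOUNTS = {"alice": "alice@example.test", "bob": "bob@example.test"}  # constructed
OUTBOX = []  # stands in for an asynchronous mail queue


def lookup(identifier):
    """Resolve a username or e-mail address to a username, or None."""
    ident = identifier.strip().lower()
    for user, mail in ACCOUNTS.items():
        if ident in (user, mail):
            return user
    return None


def reset_distinct(identifier):
    """Returns the two messages quoted in the advisory (enumerable)."""
    user = lookup(identifier)
    if user is None:
        return 200, "Unable to request password reset"
    return 200, f"Password reset request successful for {user}"


def reset_uniform(identifier):
    """Same status and body for every input; only the side effect differs."""
    user = lookup(identifier)
    if user is not None:
        # Queued, so the response does not wait on mail delivery.
        OUTBOX.append(ACCOUNTS[user])
    return 200, "If the account exists, a password reset message has been sent."


def leaks_account_existence(handler, known, unknown):
    """Regression check: do responses differ once echoed input is masked?"""
    def masked(ident):
        status, body = handler(ident)
        return status, body.replace(ident, "<id>")
    return masked(known) != masked(unknown)


if __name__ == "__main__":
    for handler in (reset_distinct, reset_uniform):
        print(handler.__name__,
              leaks_account_existence(handler, "alice", "no-such-user"))
```

The same comparison belongs in the application's test suite for any endpoint that accepts an account identifier before authentication, so a later change that reintroduces distinct messages fails the build.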