CVE-2019-15929

Weak Password Recovery Mechanism for Forgotten Password in packagist/craftcms/cms

Identifiers

GHSA-wvr4-w6cw-4px8, CVE-2019-15929

Package Slug

packagist/craftcms/cms

Vulnerability

Weak Password Recovery Mechanism for Forgotten Password

Description

In Craft CMS through 3.1.7, the elevated session password prompt was not rate limited the way normal login forms are, making a brute-force attempt against it possible.

Affected Versions

All versions before 3.1.7

Solution

Upgrade to version 3.1.7 or above.

Last Modified

2024-02-02