CVE-2017-5594: Weak Password Recovery Mechanism for Forgotten Password
An issue was discovered in Pagekit. When the debug toolbar is enabled, a remote attacker is able to reset a registered user's password. The password is successfully recovered using this exploit.