CVE-2020-27422 - Insufficient Session Expiration vulnerability in Anuko Time Tracker

047910
CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
network
low complexity
anuko
CWE-613
critical

Summary

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user does not expire once it has been used, allowing an attacker to use the same link to take over the account.

Vulnerable Configurations

Part          Description   Count
Application   Anuko         1507

Common Weakness Enumeration (CWE)