Vulnerabilities > CVE-2020-27422 - Insufficient Session Expiration vulnerability in Anuko Time Tracker 1.19.23.5311
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |