Vulnerabilities > CVE-2020-27423 - Improper Restriction of Excessive Authentication Attempts vulnerability in Anuko Time Tracker
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox