Vulnerabilities > CVE-2020-27423 - Improper Restriction of Excessive Authentication Attempts vulnerability in Anuko Time Tracker

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
anuko
CWE-307

Summary

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox

Vulnerable Configurations

Part Description Count
Application
Anuko
1507