Vulnerabilities > CVE-2020-27423 - Improper Restriction of Excessive Authentication Attempts vulnerability in Anuko Time Tracker 1.19.23.5311

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
anuko
CWE-307
NVD
Published: 2020-11-16
Updated: 2020-12-01

Summary

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox

Vulnerable Configurations

Part Description Count
Application
Anuko
2

Common Weakness Enumeration (CWE)

References