CVE-2020-27423

High

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on…

mitre·CWE-307·Published 2020-11-16

CVSS

7.5

EPSS

0.06

KEV

Exploits

cve.orgen

169 chars

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox

NVDen

169 chars

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox

Anuko Time Tracker versión v1.19.23.5311, carece de límite de velocidad en el módulo de restablecimiento de contraseña que permite al atacante llevar a cabo un ataque de denegación de servicio en el buzón de correo de cualquier usuario legítimo

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H