← back
CVE-2022-26314

CVE-2022-26314

EPSS 1.4%CWE-307
A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to efficiently brute force passwords in specific situations.
Affected products
Siemens · Mendix Forgot Password Appstore moduleSiemens · Mendix Forgot Password Appstore module (Mendix 7 compatible)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert-portal.siemens.com/productcert/pdf/ssa-134279.pdf