Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea
CVE-2023-4096

8.2 HIGH

Key Information:

Vendor: Fujitsu

CVE Published: 19 September 2023

What is CVE-2023-4096?

Fujitsu Arconte Áurea version 1.5.0.0 has a weak password recovery mechanism: an attacker can run a brute force attack against the PIN code that is emailed during recovery. Guessing the PIN allows the attacker to change a legitimate user's password without authorization, which puts user accounts and system security at significant risk. Users and administrators should implement appropriate security measures to mitigate this risk.

Affected Version(s)

Arconte Áurea 0 < 1.5.0.0

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pablo Arias Rodriguez and Jorge Alberto Palma Reyes, members of CSIRT-CV.