Password Reset Vulnerability in langgenius/dify by LangGenius
CVE-2024-12039
7.4 HIGH
What is CVE-2024-12039?
langgenius/dify version v0.10.1 contains a flaw in its password reset mechanism that unauthenticated attackers can exploit. The application places no restriction on the number of attempts allowed for guessing the six-digit code used in the reset process. As a result, attackers can potentially gain unauthorized access to owner, admin, or other user accounts, leading to complete compromise of the application in a short timeframe.
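A server-side check that closes the gap described above, as an added example (not dify's code or its actual fix): each six-digit code is single-use, expires, and is discarded after a fixed number of wrong guesses. `ResetCodeVerifier`, `MAX_ATTEMPTS` and `CODE_TTL_SECONDS` are hypothetical names and assumed policy values.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

MAX_ATTEMPTS = 5          # assumed policy value, not taken from dify
CODE_TTL_SECONDS = 300    # assumed policy value, not taken from dify


@dataclass
class _Pending:
    code: str
    expires_at: float
    failures: int = 0


class ResetCodeVerifier:
    """Hypothetical in-memory store; a real deployment would use a shared store."""

    def __init__(self, clock=time.monotonic):
        self._pending = {}
        self._clock = clock  # injectable so expiry can be tested

    def issue(self, account: str) -> str:
        # A new code replaces any earlier one and starts a fresh failure count.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = _Pending(code, self._clock() + CODE_TTL_SECONDS)
        return code

    def verify(self, account: str, guess: str) -> str:
        """Return 'ok', 'invalid', or 'locked' (code discarded, must re-issue)."""
        entry = self._pending.get(account)
        if entry is None or self._clock() >= entry.expires_at:
            self._pending.pop(account, None)
            return "invalid"
        # Constant-time comparison of the stored code and the submitted guess.
        if hmac.compare_digest(entry.code.encode(), guess.encode()):
            del self._pending[account]  # single use
            return "ok"
        entry.failures += 1
        if entry.failures >= MAX_ATTEMPTS:
            del self._pending[account]  # discard: guessing cannot continue
            return "locked"
        return "invalid"
```

Code issuance needs its own per-account and per-client rate limit, otherwise requesting a fresh code restores the guess budget.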
Affected Version(s)
langgenius/dify <= unspecified