CVE-2023-5296 – Xinhu RockOA Password password recovery

https://notcve.org/view.php?id=CVE-2023-5296

29 Sep 2023 — A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak password recovery. The attack may be launched remotely. • https://github.com/magicwave18/vuldb/issues/1 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •