CVE-2023-53958 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation.…
High CVSS: 8.6

CVE-2023-53958

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account takeover by intercepting and using stolen reset tokens.
Vendor
-
Product
-
CWE
CWE-640
Yayın Tarihi
2025-12-19 21:15:52
Güncelleme
2025-12-23 14:51:52
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-640 HIGH 2025

Referanslar

https://github.com/ltb-project/self-service-password https://www.exploit-db.com/exploits/51275 https://www.vulncheck.com/advisories/ldap-tool-box-self-service-password-account-takeover-via-http-host-header