View Issue Details

ID: 0006818
Project: OXID eShop (all versions)
Category: 4.04. Security
View Status: public
Last Update: 2018-08-14 11:07
Reporter: ambulong
Assigned To:
Priority: urgent
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 6.0.2
Fixed in Version: 4.10.8 / 5.3.8
Summary: 0006818: It is possible to take over access to a user account
Description: It is possible to take over access to a user account by entering an e-mail address similar to an already existing e-mail address in the database when using the password reset function.
Tags: No tags attached.
Theme: Not defined
Browser: Not defined
PHP Version: Not defined
Database Version: Not defined

Activities

keywan.ghadami

2018-04-19 13:07

reporter   ~0012444

Please see the info on
https://oxidforge.org/en/security
and write an email directly to [email protected].

ambulong

2018-04-19 13:20

reporter   ~0012445

Got it, thanks