CVE-2023-43902

Summary

CVE-2023-43902 is a critical access control vulnerability affecting EMSigner version 2.8.7. The Forgot Your Password function is impacted, enabling unauthenticated attackers to manipulate password reset tokens and gain unauthorized access to all registered user accounts, including those with administrator privileges. This issue poses a significant risk as it allows attackers to breach account security and potentially misuse sensitive information. It is essential for users to upgrade to a patch version as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.