CVE-2021-32648 – October CMS / October – Weak password recovery mechanism for forgotten password

January 15, 2022

CVE-2021-32648 is a weak password recovery mechanism for forgotten password vulnerability impacting October CMS versions 1.0.471 through 1.1.1. A proof of concept (PoC) was not observed publicly or in the underground.

Summary:

CVE-2021-32648 is a weak password recovery mechanism for forgotten password vulnerability impacting October CMS versions 1.0.471 through 1.1.1. A proof of concept (PoC) was not observed publicly or in the underground.

PoC Links(if available):

Known Counter Measures:

October CMS addressed the vulnerability in October CMS versions 1.0.472 and 1.1.5.

Links to patches(if available)

https://github.com/octobercms/october/releases/tag/v1.0.472

You may have missed

CISA Logo

CISA: CISA Releases Eight Industrial Control Systems Advisories

April 25, 2024
alerts

Active Exploitation of Vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Products.

April 25, 2024
image

CACTUS Ransomware Victim: https://www[.]ghimli[.]com /

April 25, 2024
hkcert

Cisco Products Multiple Vulnerabilities

April 25, 2024
HIBP Banner 1

T2 – 94,584 breached accounts

April 25, 2024