A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions > V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to efficiently brute force passwords in specific situations.
Publication date: Tue, 08 Mar 2022 18:15:00 +0000