Tata Consultancy Services Cognix Recon Client Broken Access Control Vulnerability in Password Reset Functionality
Vulnerability
A broken access control vulnerability exists in Tata Consultancy Services (TCS) Cognix Recon Client version 3.0. This vulnerability allows authenticated users to reset passwords for any user account by sending crafted requests, due to inadequate authorization checks in the password reset process.
Impact
Exploitation of this vulnerability allows for unauthorized password resets, potentially leading to account takeover.
Remediation
TCS has implemented stricter authorization and ownership validation in the password reset feature. This vulnerability has been confirmed as remediated in the current version of the product.
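An added illustration of the ownership check the remediation describes (example code written for this page, not TCS or Cognix Recon code; the handler names, user store and role field are assumptions): a minimal password-reset handler that only verifies the caller is authenticated, beside the corrected form that also verifies the caller owns the target account or holds an administrative role.

```python
# Added example, not vendor code. Models the flaw class in the advisory:
# authentication is checked, but ownership of the target account is not.
from dataclasses import dataclass


@dataclass
class User:
    user_id: str
    password_hash: str
    is_admin: bool = False  # assumed role flag used by the fixed handler


class AuthorizationError(Exception):
    pass


def make_db():
    """Constructed sample user store (in-memory, for illustration only)."""
    return {
        "alice": User("alice", "hash-a"),
        "bob": User("bob", "hash-b"),
        "root": User("root", "hash-r", is_admin=True),
    }


def reset_password_vulnerable(db, requester_id, target_user_id, new_hash):
    """Checks only that the caller is a known user; target comes straight
    from the request, so any authenticated user can reset any account."""
    if requester_id not in db:
        raise AuthorizationError("not authenticated")
    db[target_user_id].password_hash = new_hash
    return True


def reset_password_fixed(db, requester_id, target_user_id, new_hash):
    """Authorization plus ownership validation: the caller must be the
    owner of the target account, or hold an administrative role."""
    requester = db.get(requester_id)
    if requester is None:
        raise AuthorizationError("not authenticated")
    if requester_id != target_user_id and not requester.is_admin:
        raise AuthorizationError("caller does not own the target account")
    db[target_user_id].password_hash = new_hash
    return True


def outcome(handler, db, requester_id, target_user_id, new_hash):
    """Run a handler and report 'reset' or 'denied' for comparison."""
    try:
        handler(db, requester_id, target_user_id, new_hash)
        return "reset"
    except AuthorizationError:
        return "denied"
```

With the constructed store, `outcome(reset_password_vulnerable, make_db(), "alice", "bob", "x")` returns "reset" while the fixed handler returns "denied" for the same request and still allows a self-reset or an admin-initiated reset.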
