CVE-2022-23172 Information

Description

An attacker can access the "Forgot my password" button. As soon as he enters a user that is valid in the system, the system issues a message that a password reset email has been sent to that user. This way an attacker can verify which users exist in the system and which do not.

Reference

https://www.gov.il/en/departments/faq/cve_advisories
