CVE-2022-44938 Information

Description

Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack.

Reference

https://pwnit.io/2022/11/23/weak-password-reset-token-leads-to-account-takeover-in-seeddms/