28 Feb 2024
Biztonsági szemle
Exploit Attempts for Unknown Password Reset Vulnerability, (Wed, Feb 28th)
My Google skills let me down this morning, attempting to figure out which vulnerability is exactly being exploited by these "forgotuserpassword.action" scans. Maybe someone else can help me out here. Based on the scans, I do not believe this is a "normal" password reset vulnerability. Atlassian's Confluence is one suspect using a URL scheme like this, but there may be others. Here are some of the URLs:
Read more