|Category:||Access Management Error|
Published on 26/09/16 - Updated on 28/11/16
The web portal in IBM Tealeaf Customer Experience before 188.8.131.5247 FP10, 8.8 before 184.108.40.20649 FP9, 9.0.0 and 9.0.1 before 220.127.116.117 FP5, 9.0.1A before 18.104.22.16808_9.0.1A FP5, 9.0.2 before 22.214.171.1243 FP3, and 9.0.2A before 126.96.36.19924_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack.
CWE-640 (Weak Password Recovery Mechanism for Forgotten Password)
The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
No exploits available for this CVE in our database.