|Category:||Access Management Error|
Published on 26/09/16 - Updated on 28/11/16
The web portal in IBM Tealeaf Customer Experience before 126.96.36.19947 FP10, 8.8 before 188.8.131.5249 FP9, 9.0.0 and 9.0.1 before 184.108.40.2067 FP5, 9.0.1A before 220.127.116.1108_9.0.1A FP5, 9.0.2 before 18.104.22.1683 FP3, and 9.0.2A before 22.214.171.12424_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack.
CWE-640 (Weak Password Recovery Mechanism for Forgotten Password)
The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
No exploits available for this CVE in our database.