|Category:||Access Management Error|
Published on 26/09/16 - Updated on 28/11/16
The web portal in IBM Tealeaf Customer Experience before 184.108.40.20647 FP10, 8.8 before 220.127.116.1149 FP9, 9.0.0 and 9.0.1 before 18.104.22.1687 FP5, 9.0.1A before 22.214.171.12408_9.0.1A FP5, 9.0.2 before 126.96.36.1993 FP3, and 9.0.2A before 188.8.131.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack.
CWE-640 (Weak Password Recovery Mechanism for Forgotten Password)
The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
No exploits available for this CVE in our database.