CVE-2023-43902
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-43902 is a critical access control vulnerability affecting emSigner v2.8.7. Unauthenticated attackers can exploit this issue by crafting malicious password reset tokens for the Forgot Your Password function. Successful exploitation allows attackers to gain unauthorized access to all registered user accounts, including those with administrator privileges. This vulnerability poses a significant risk as it enables attackers to hijack and manipulate sensitive information or take control of administrative functions within the system. Organizations using emSigner are urged to upgrade to the latest version or apply the relevant patches to mitigate this risk.
Affected Products
- emSigner
Affected Vendors
- Emsigner