The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.
CPE | Name | Operator | Version |
---|---|---|---|
openmeetings | le | 3.1.0 |