KB Article | Forcepoint Support

Problem Description

A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the link has already been used. We would like to thank Eitan Shav from Citadel Cyber Security Consulting for bringing this to our attention.

Resolution

This vulnerability has been resolved in Hotfix 002, which has been released for 8.5.0 and 8.5.3. This fix will cause the password reset functionality to behave as expected. These hotfixes are available on the Forcepoint Support page, under Downloads.
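The two properties the problem description says were not enforced, expiry and single use, can both be checked at redemption time, as in the following added example. It is not Forcepoint's code: the class name `ResetTokenStore`, the 15-minute lifetime and the in-memory dictionary are assumptions made for illustration.

```python
import hashlib
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed lifetime; the advisory does not state one


class ResetTokenStore:
    """In-memory store of password reset tokens (hypothetical, for illustration)."""

    def __init__(self, ttl=RESET_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock          # injectable so expiry can be tested
        self._pending = {}           # sha256(token) -> (user, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user):
        """Create a token for the reset URL; only its hash is kept server-side."""
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (user, self._clock() + self._ttl)
        return token

    def redeem(self, token):
        """Return the user name if the token is valid, else None."""
        # pop() deletes the entry before any other check, so a token can be
        # presented at most once, whether or not that attempt succeeds.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None              # unknown, or already used
        user, expires_at = entry
        if self._clock() >= expires_at:
            return None              # past the intended expiration period
        return user


if __name__ == "__main__":
    now = [1000.0]                   # constructed clock value for the demo
    store = ResetTokenStore(ttl=60, clock=lambda: now[0])
    link = store.issue("alice")      # constructed user name
    print(store.redeem(link))        # first use succeeds
    print(store.redeem(link))        # reuse is rejected
    stale = store.issue("alice")
    now[0] += 61
    print(store.redeem(stale))       # expired link is rejected
```

After applying the hotfix, the same two cases (a link reused after a successful reset, and a link opened after its lifetime) are the ones to retest against the product.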
