What the vulnerability does

01Description

A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.

Key dates

02Disclosure timeline

October 5, 2020 CVE published
August 4, 2024 Record updated