Researchers at Aretiq AI discovered
Source: aretiq.ai
Published:
A vulnerability exists in Apache OFBiz’s login authentication workflow that allows an attacker to bypass a forced password-change restriction and achieve remote code execution. When an administrator sets the requirePasswordChange flag on a user account — for example after a credential leak, durin