### [CVE-2024-43190](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43190)
![](https://img.shields.io/static/v1?label=Product&message=Engineering%20Requirements%20Management%20DOORS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=9.7.2.9%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-640%20Weak%20Password%20Recovery%20Mechanism%20for%20Forgotten%20Password&color=brightgreen)

### Description

IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques.

### POC

#### Reference
- https://www.ibm.com/support/pages/node/7238992

#### Github
No PoCs found on GitHub currently.