CVE-2023-53958

Published: Dec 19, 2025

Modified: Apr 7, 2026

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account takeover by intercepting and using stolen reset tokens.

Vendor	Product	Versions
ltb-project	LDAP Tool Box Self Service Password	affected `1.5.2`

Weaknesses (CWE)

CWE-640

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

References

ExploitDB-51275

exploit

Official Product Homepage

product

VulnCheck Advisory: LDAP Tool Box Self Service Password 1.5.2 Account Takeover via HTTP Host Header

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-53958

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References