Upgrade kimai/kimai to version 2.58.0 or higher.
Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password through the login_link process. An attacker can gain unauthorized access to user accounts by reusing a previously issued password reset link after the password has been changed. This is possible because the link remains valid for multiple uses within a set time window and is not invalidated upon password change.
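The behaviour described above, as an added example that is not Kimai's code and not taken from the advisory: a signed, time-limited link that is checked only for signature and expiry, beside a check that also binds the signature to the current password hash and records use. The class and function names, the signing secret and the one-hour lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: server-side signing key
LIFETIME = 3600                      # assumption: validity window in seconds

def _sign(*fields):
    msg = "|".join(str(f) for f in fields).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

class User:
    def __init__(self, name, password):
        self.name = name
        self.set_password(password)

    def set_password(self, password):
        # Demo only: a real system stores a slow, salted password hash.
        self.password_hash = hashlib.sha256(password.encode()).hexdigest()

def issue_weak(user, now):
    expires = int(now) + LIFETIME
    return (user.name, expires, _sign(user.name, expires))

def verify_weak(user, link, now):
    # Only signature and expiry are checked: reusable, survives a password change.
    name, expires, sig = link
    ok = hmac.compare_digest(sig, _sign(name, expires))
    return ok and name == user.name and now < expires

def issue_hardened(user, now):
    expires = int(now) + LIFETIME
    # The current password hash is signed but never placed in the link.
    return (user.name, expires, _sign(user.name, expires, user.password_hash))

def verify_hardened(user, link, now, used):
    name, expires, sig = link
    expected = _sign(user.name, expires, user.password_hash)
    if name != user.name or now >= expires or sig in used:
        return False
    if not hmac.compare_digest(sig, expected):
        return False  # password changed since issue, or link tampered with
    used.add(sig)     # single use: a second presentation is rejected
    return True
```

In a real deployment the `used` set would live in persistent storage shared by all application workers.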