轉發　台灣電腦網路危機處理暨協調中心 資安訊息警訊 TWCERTCC-200-202511-00000007

[內容說明]
【百加資通｜EIP Plus - Weak Password Recovery Mechanism】(CVE-2025-12866，CVSS：9.8) 未經身分鑑別之遠端攻擊者可預測或暴力破解忘記密碼連結，進而成功修改任意使用者密碼。

[影響平台]
EIP Plus RELEASE_240626(不含)以前版本

[建議措施]
更新至RELEASE_240626(含)以後版本

[參考資料]
1. https://www.twcert.org.tw/tw/cp-132-10490-2534b-1.html

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202511-00000007

[Content Description]
【Hundred Plus | EIP Plus - Weak Password Recovery Mechanism】(CVE-2025-12866, CVSS: 9.8) An unauthenticated remote attacker can predictably or brute-force a forgotten password link, thereby successfully changing the password of any user.

[Affected Platforms]
EIP Plus versions prior to RELEASE_240626 (excluding)

[Recommended Actions]
Update to RELEASE_240626 or later

[References]
1. https://www.twcert.orgtw/tw/cp-132-10490-2534b-1.html