A vulnerability classified as problematic was found in CrushFTP up to 10.8.2/11.2.2. This vulnerability affects unknown code of the component Reset Email Handler. The manipulation leads to weak password recovery.
The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.