Chamilo Weak Password Recovery Mechanism for Forgotten Password Vulnerability - CVE-2026-33707
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1(email), with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the victim's password without authentication. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.
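As an added illustration, not Chamilo's code: the deterministic pattern the advisory describes, placed beside a reset-token store that supplies the three properties the advisory says were missing (CSPRNG entropy, expiry, and a failed-attempt limit). `TOKEN_TTL_SECONDS` and `MAX_FAILED_ATTEMPTS` are assumed policy values, and the store is an in-memory stand-in for a database table.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical policy values for the hardened scheme (not from Chamilo).
TOKEN_TTL_SECONDS = 15 * 60
MAX_FAILED_ATTEMPTS = 5


def weak_reset_token(email):
    """The pattern the advisory describes: sha1(email) with no secret and no
    entropy. Illustrative reconstruction, not Chamilo's code. The value is the
    same for everyone who knows the address, and it never changes or expires."""
    return hashlib.sha1(email.encode("utf-8")).hexdigest()


class ResetTokenStore:
    """Hardened scheme: random token, stored only as a hash, time-limited,
    single-use, and invalidated after repeated wrong guesses."""

    def __init__(self):
        # email -> {"digest": sha256(token), "expires_at": float, "failures": int}
        self._pending = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, email, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[email] = {           # a new request supersedes the old token
            "digest": self._digest(token),  # a DB leak does not expose live tokens
            "expires_at": now + TOKEN_TTL_SECONDS,
            "failures": 0,
        }
        return token  # delivered only to the account's mailbox, never logged

    def redeem(self, email, token, now=None):
        now = time.time() if now is None else now
        entry = self._pending.get(email)
        if entry is None or now > entry["expires_at"]:
            self._pending.pop(email, None)   # never issued, or expired: drop it
            return False
        if not hmac.compare_digest(self._digest(token), entry["digest"]):
            entry["failures"] += 1           # constant-time compare, then count
            if entry["failures"] >= MAX_FAILED_ATTEMPTS:
                del self._pending[email]     # lock out; user must request again
            return False
        del self._pending[email]             # single use: consumed on success
        return True
```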