Description
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.
References
- https://nvd.nist.gov/vuln/detail/CVE-2010-5079
- http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10
- http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4
- http://open.silverstripe.org/changeset/114497
- http://open.silverstripe.org/changeset/114498
- http://open.silverstripe.org/changeset/114503
- http://open.silverstripe.org/changeset/114504
- http://open.silverstripe.org/changeset/114505
- http://www.openwall.com/lists/oss-security/2011/01/03/12
- http://www.openwall.com/lists/oss-security/2012/04/30/1
- http://www.openwall.com/lists/oss-security/2012/04/30/3
- http://www.openwall.com/lists/oss-security/2012/05/01/3