CVE-2006-5474

Опубликовано: 24 окт. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset.

Ссылки

http://oneorzero.com/downloads/release_notes/Current_Release_notes.html
Patch
http://secunia.com/advisories/22476
Vendor Advisory
http://securityreason.com/securityalert/1767
http://www.securityfocus.com/archive/1/449352/100/0/threaded
http://www.securityfocus.com/bid/20651
http://www.whitedust.net/speaks/3043/
Exploit
Vendor Advisory
http://oneorzero.com/downloads/release_notes/Current_Release_notes.html
Patch
http://secunia.com/advisories/22476
Vendor Advisory
http://securityreason.com/securityalert/1767
http://www.securityfocus.com/archive/1/449352/100/0/threaded
http://www.securityfocus.com/bid/20651
http://www.whitedust.net/speaks/3043/
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oneorzero:oneorzero_helpdesk:*:*:*:*:*:*:*:*

Версия до 1.6.5.3 (включая)

cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6:*:*:*:*:*:*:*

cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6.3:*:*:*:*:*:*:*

cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6.4:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01414

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-325q-4hqr-fh84

github

почти 4 года назад