exploitDog

CVE-2019-19735

Опубликовано: 30 дек. 2019

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing.

Ссылки

https://github.com/jra89/CVE-2019-19735
Exploit
Third Party Advisory
https://medium.com/%40jra8908/yetishare-3-5-2-4-5-3-multiple-vulnerabilities-2d01d0cd7459
https://github.com/jra89/CVE-2019-19735
Exploit
Third Party Advisory
https://medium.com/%40jra8908/yetishare-3-5-2-4-5-3-multiple-vulnerabilities-2d01d0cd7459

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mfscripts:yetishare:*:*:*:*:*:*:*:*

Версия от 3.5.2 (включая) до 4.5.3 (включая)

EPSS

Процентиль: 38%

0.00168

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-916

Связанные уязвимости

GHSA-j9pc-f8q5-rxm8

CVSS3: 9.1

github

больше 3 лет назад

class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing.

EPSS

Процентиль: 38%

0.00168

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-916