Описание
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() generates a password reset token that relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.2.1 (исключая)
cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00377
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-338
CWE-338
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality.
EPSS
Процентиль: 59%
0.00377
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-338
CWE-338