exploitDog

CVE-2020-25105

Опубликовано: 03 сент. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities).

Ссылки

https://discussions.eramba.org/t/bug-security-vulnerabilities-not-serious/1650/2
Vendor Advisory
https://gitlab.com/gitlab-com/gl-security/disclosures/-/blob/master/005_eramba/eramba_weak_password_reset.md
Third Party Advisory
https://discussions.eramba.org/t/bug-security-vulnerabilities-not-serious/1650/2
Vendor Advisory
https://gitlab.com/gitlab-com/gl-security/disclosures/-/blob/master/005_eramba/eramba_weak_password_reset.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:eramba:eramba:2.8.1:*:*:*:community:*:*:*

cpe:2.3:a:eramba:eramba:2.19.3:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 56%

0.0034

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-640

Связанные уязвимости

GHSA-vx26-cfxm-6ghm

github

больше 3 лет назад

eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities).

EPSS

Процентиль: 56%

0.0034

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-640