Description
Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.
References
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:linux:*:*
EPSS
Percentile: 31%
0.00114
Low
8.8 High
CVSS3
9.8 Critical
CVSS3
Weaknesses
CWE-321
CWE-798
Related vulnerabilities
CVSS3: 9.8
github
more than 1 year ago
Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.