Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() generates a password reset token that relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header.
References
Link | Resource |
---|---|
https://hackerone.com/reports/576504 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2019-05-28T18:41:05
Updated: 2019-05-30T14:07:45
Reserved: 2019-01-04T00:00:00
Link: CVE-2019-5440
JSON object: View
NVD Information
Status : Modified
Published: 2019-05-28T19:29:06.190
Modified: 2019-10-09T23:50:52.417
Link: CVE-2019-5440
JSON object: View
Redhat Information
No data.
CWE