HIGH🇬🇧 English

CVE-2020-28597

CVSS 7.5v3.1pub. 2021-03-03upd. 2024-11-21

A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Epignosishq Efront

    APP
    Epignosishq
    5.2.175.2.21
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-5069HIGH8.8ten sam vendor

A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cau...

CVE-2019-5070MEDIUM6.5ten sam vendor

An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2....