Summaryinfo

A vulnerability was found in phpservermon. It has been rated as problematic. This impacts the function generatePasswordResetToken of the file src/psm/Service/User.php. Performing a manipulation results in use of predictable algorithm in random number generator. This vulnerability is reported as CVE-2021-4240. Moreover, an exploit is present. Applying a patch is the recommended action to fix this issue. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Detailsinfo

A vulnerability, which was classified as problematic, was found in phpservermon (version unknown). This affects the function generatePasswordResetToken of the file src/psm/Service/User.php. The manipulation with an unknown input leads to a use of predictable algorithm in random number generator vulnerability. CWE is classifying the issue as CWE-1241. The device uses an algorithm that is predictable and generates a pseudo-random number. This is going to have an impact on confidentiality.

The weakness was disclosed 11/15/2022. The advisory is shared at huntr.dev. This vulnerability is uniquely identified as CVE-2021-4240. Technical details and a public exploit are known.

The exploit is shared for download at huntr.dev. It is declared as proof-of-concept. By approaching the search of inurl:src/psm/Service/User.php it is possible to find vulnerable targets with Google Hacking.

Applying the patch 3daa804d5f56c55b3ae13bfac368bb84ec632193 is able to eliminate this problem. The bugfix is ready for download at github.com.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Name

• phpservermon

License

• open-source

Website

• Product: https://github.com/phpservermon/phpservermon/

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion