Submit #385004: ProjectSend ProjectSend file sharing web application r1605 Authentication Bypass Issues

Title: ProjectSend ProjectSend file sharing web application r1605 Authentication Bypass Issues
Description: The ProjectSend file sharing web application generates the reset password token using the PHP rand function, which is predictable. This leads to unauthenticated account takeover for any user, including the administrator account.
Source: ⚠️ https://github.com/projectsend/projectsend/commit/aa27eb97edc2ff2b203f97e6675d7b5ba0a22a17
User: Casp3r0x0 (UID 64832)
Submission: 02/08/2024 12:47 (2 years ago)
Moderation: 10/08/2024 10:00 (8 days later)
Status: Accepted
VulDB entry: 274116 [projectsend up to r1605 Password Reset Token includes/functions.php generate_random_string weak encryption]
Points: 16
