Revive Adserver up to 4.2.0 Password Reset Token PasswordRecovery.php generateRecoveryId improper authentication
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.7 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical has been found in Revive Adserver up to 4.2.0. The impacted element is the function generateRecoveryId in the library lib/OA/Dal/PasswordRecovery.php of the component Password Reset Token Handler. The manipulation leads to improper authentication.
This vulnerability is traded as CVE-2019-12396. There is no exploit available.
It is recommended to upgrade the affected component.
Details
A vulnerability, which was classified as critical, has been found in Revive Adserver up to 4.2.0 (Advertising Software). This issue affects the function generateRecoveryId in the library lib/OA/Dal/PasswordRecovery.php of the component Password Reset Token Handler. The manipulation with an unknown input leads to a improper authentication vulnerability. Using CWE to declare the problem leads to CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
An issue was discovered in Revive Adserver before 4.2.1. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() uses an insecure way to generate a password reset token. The token relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header.
The weakness was shared 05/28/2019. The identification of this vulnerability is CVE-2019-12396 since 05/28/2019. No form of authentication is needed for a successful exploitation. Technical details of the vulnerability are known, but there is no available exploit.
By approaching the search of inurl:lib/OA/Dal/PasswordRecovery.php it is possible to find vulnerable targets with Google Hacking.
Upgrading to version 4.2.1 eliminates this vulnerability.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.7
VulDB Base Score: 5.9
VulDB Temp Score: 5.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Improper authenticationCWE: CWE-287
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
Google Hack: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Adserver 4.2.1
Timeline
05/28/2019 🔍05/28/2019 🔍
05/28/2019 🔍
06/16/2020 🔍
Sources
Status: Not definedCVE: CVE-2019-12396 (🔍)
GCVE (CVE): GCVE-0-2019-12396
GCVE (VulDB): GCVE-100-135659
Entry
Created: 05/28/2019 17:23Updated: 06/16/2020 18:29
Changes: 05/28/2019 17:23 (39), 06/16/2020 18:29 (4)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.