Published on 17/09/12 - Updated on 18/09/12
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.
CWE-310 (Cryptographic Issues)
Weaknesses in this category are related to the use of cryptography.
No exploits available for this CVE in our database.