CVE-2010-5079

General

Score: 5.0/10.0
Severity: Medium
Category: Cryptography Error

Impact Metrics

Confidentiality: None
Integrity: Partial
Availability: None

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: None

Published on 17/09/12 - Updated on 18/09/12

Description

SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.

Category: Cryptography Error

CWE-310 (Cryptographic Issues)
Weaknesses in this category are related to the use of cryptography.

Security Notices

US National Vulnerability Database: CVE-2010-5079

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor: silverstripe
Product: silverstripe
