CVE-2010-5079

2012-09-17T17:55:00
ID CVE-2010-5079
Type cve
Reporter cve@mitre.org
Modified 2012-09-18T04:00:00

Description

SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.