CVE-2012-5618

2020-02-0413:17:59

redhat

www.cve.org

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

59.3%

JSON

Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.

CNA Affected

[
  {
    "product": "Ushahidi",
    "vendor": "Ushahidi",
    "versions": [
      {
        "status": "affected",
        "version": "before 2.6.1"
      }
    ]
  }
]

References

www.openwall.com/lists/oss-security/2012/12/04/1

github.com/ushahidi/Ushahidi_Web/commit/e8c7ecd42818c331db8945d20f8b1865bc6d157e