
CVE-2019-5440

Published: 2019-05-28 18:41:05
Weakness: CWE-338
Source: hackerone
Reference: www.cve.org

AI Score: 8.4 High (confidence: High)
EPSS: 0.005 Low (percentile: 75.7%)

Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() generates a password reset token that relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header.
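A hardened replacement for the token generation described above, as an added example that is not Revive Adserver's code; the PDO connection, the users table and its recovery_hash / recovery_expires columns are assumptions made for the example:

```php
<?php
// Added example (not Revive Adserver code): password-recovery tokens that
// avoid the CWE-338 weakness described in the advisory.
// Assumed for illustration: a $pdo connection and a users table with
// columns id, recovery_hash and recovery_expires.

// Weak pattern: uniqid() is derived from the current microsecond time, so
// the token is predictable from the server clock. Shown only for contrast.
function weakRecoveryId(): string {
    return uniqid();
}

// Hardened: 32 bytes from the OS CSPRNG, encoded as 64 hex characters.
function generateRecoveryId(): string {
    return bin2hex(random_bytes(32));
}

// Store only a hash of the token plus an expiry, so a read of the users
// table does not yield usable recovery tokens.
function issueRecoveryToken(PDO $pdo, int $userId, int $ttlSeconds = 3600): string {
    $token = generateRecoveryId();
    $stmt = $pdo->prepare(
        'UPDATE users SET recovery_hash = ?, recovery_expires = ? WHERE id = ?'
    );
    $stmt->execute([hash('sha256', $token), time() + $ttlSeconds, $userId]);
    return $token; // delivered to the user's e-mail address, never logged
}

// Compare in constant time, reject expired tokens, and clear the stored
// hash on success so the token is single-use.
function redeemRecoveryToken(PDO $pdo, int $userId, string $presented): bool {
    $stmt = $pdo->prepare('SELECT recovery_hash, recovery_expires FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['recovery_hash'] === null || time() > (int)$row['recovery_expires']) {
        return false;
    }
    if (!hash_equals($row['recovery_hash'], hash('sha256', $presented))) {
        return false;
    }
    $pdo->prepare('UPDATE users SET recovery_hash = NULL, recovery_expires = NULL WHERE id = ?')
        ->execute([$userId]);
    return true;
}
```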

CNA Affected

[
  {
    "product": "Revive Adserver",
    "vendor": "Revive",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in 4.2.1"
      }
    ]
  }
]

