Description
# CVE-2019-19735
YetiShare password reset hash bruteforce - v3.5...
Related
{"id": "3C640262-B049-57E1-B254-ECA9316C955D", "vendorId": null, "type": "githubexploit", "bulletinFamily": "exploit", "title": "Exploit for Use of Password Hash With Insufficient Computational Effort in Mfscripts Yetishare", "description": "# CVE-2019-19735\nYetiShare password reset hash bruteforce - v3.5...", "published": "2019-12-12T11:56:00", "modified": "2019-12-23T08:51:01", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2}, "href": "", "reporter": "", "references": [], "cvelist": ["CVE-2019-19735"], "immutableFields": [], "lastseen": "2021-12-10T14:23:52", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-19735"]}], "rev": 4}, "score": {"value": 0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2019-19735"]}, {"type": "kitploit", "idList": ["KITPLOIT:3449843613571411531"]}, {"type": "threatpost", "idList": ["THREATPOST:99DC4B497599503D640FDFD9A2DC5FA3"]}]}, "exploitation": null, "vulnersScore": 0.1}, "_state": {"dependencies": 1659919447, "score": 1659850087}, "_internal": {"score_hash": "8281c6024444bbe8b819d0ed6eca252f"}, "privateArea": 1}
{"cve": [{"lastseen": "2022-03-23T22:18:53", "description": "class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-12-30T17:15:00", "type": "cve", "title": "CVE-2019-19735", "cwe": ["CWE-916"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19735"], "modified": "2020-01-08T19:43:00", "cpe": ["cpe:/a:mfscripts:yetishare:4.5.3"], "id": "CVE-2019-19735", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19735", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mfscripts:yetishare:4.5.3:*:*:*:*:*:*:*"]}]}