Lucene search

[email protected]NVD:CVE-2023-36993

HistoryJul 07, 2023 - 7:15 p.m.

CVE-2023-36993

2023-07-0719:15:09

CWE-338

[email protected]

web.nvd.nist.gov

cryptographic flaw

travianz

password reset

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

59.3%

JSON

The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset.parameters and to take over accounts.

Affected configurations

Nvd

Node

travianz_projecttravianzMatch8.3.3-

travianz_projecttravianzMatch8.3.4

VendorProductVersionCPE
travianz_projecttravianz8.3.3cpe:2.3:a:travianz_project:travianz:8.3.3:-:*:*:*:*:*:*
travianz_projecttravianz8.3.4cpe:2.3:a:travianz_project:travianz:8.3.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
travianz_project	travianz	8.3.3	cpe:2.3:a:travianz_project:travianz:8.3.3:-::::::
travianz_project	travianz	8.3.4	cpe:2.3:a:travianz_project:travianz:8.3.4:::::::*

References

bramdoessecurity.com/travianz-hacked/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

59.3%

JSON

Related for NVD:CVE-2023-36993

osv1 prion1 cvelist1 cve1