Design/Logic Flaw

2020-02-1013:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.3%

JSON

The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password.

CPENameOperatorVersion
yetisharege3.5.2
yetisharele4.5.4

CPE	Name	Operator	Version
	yetishare	ge	3.5.2
	yetishare	le	4.5.4

References

medium.com/@jra8908/yetishare-3-5-2-4-5-4-multiple-vulnerabilities-927d17b71ad

mfscripts.com/

yetishare.com/