Design/Logic Flaw

2023-07-0719:15:00

PRIOn knowledge base

www.prio-n.com

cryptography

flaw

travianz

password reset

security vulnerability

account takeover

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.1%

JSON

The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset.parameters and to take over accounts.

CPENameOperatorVersion
travianzeq8.3.4
travianzeq8.3.3

CPE	Name	Operator	Version
	travianz	eq	8.3.4
	travianz	eq	8.3.3

References

bramdoessecurity.com/travianz-hacked/