4 matches found
CVE-2022-36045
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and...
CVE-2022-36045
creationtimestamp| type| source ---|---|--- 2022-08-31 18:36:54+00:00| seen| https://t.me/cibsecurity/49106...
CVE-2022-36045
CVE-2022-36045 affects NodeBB Forum Software. The root cause is a cryptographically weak PRNG used by the helper function utils.generateUUID (uses Math.random()), enabling an attacker to possibly calculate reset codes and takeover an account without victim involvement. Affected versions include e...
CVE-2022-36045 Account takeover via cryptographically weak PRNG in NodeBB Forum
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and...