CVE-2017-18486
Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote...
CVE-2017-18486
Jitbit Helpdesk (before 9.0.3) is affected by an authentication flaw tied to mishandling of the User/AutoLogin userHash parameter. Tokens in a password-reset flow can be studied to reveal a weak PRNG-derived shared secret used for remote authentication, enabling an attacker to forge tokens for an...