3 matches found
CVE-2019-5440
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId generates a...
CVE-2019-5440
CVE-2019-5440 affects Revive Adserver versions prior to 4.2.1. The password recovery token is generated via generateRecoveryId() using PHP uniqid, which relies on the current time and provides weak entropy, potentially enabling authentication bypass through the password recovery feature. Affected...
CVE-2019-12396
The concrete vulnerability is CVE-2019-5440: Revive Adserver versions = 4.2.1 (to fix the token generation weakness).