2 matches found
CVE-2020-14423
Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOSLOCALSECRET value, affecting password resets and invitations...
CVE-2020-14423
Convos (Nordaaker Convos) before version 4.20 uses an insecure random secret in Core/Settings.pm and Util.pm, leading to a predictable CONVOS_LOCAL_SECRET that affects password resets and invitations. Affected: Convos prior to 4.20. Root cause: improper randomness in secret generation. Impact: pa...