2 matches found
CVE-2022-30935
An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed...
CVE-2022-30935
The CVE-2022-30935 entry describes an authorization bypass in b2evolution caused by a bad randomness function in password-reset tokens. This allows remote, unauthenticated attackers to predict tokens, enabling them to establish valid sessions for arbitrary users and potentially reset passwords. T...