2 matches found
CVE-2023-49599
An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and brute force the salt offline...
CVE-2023-49599
Summary (CVE-2023-49599) : WWBN AVideo dev master commit 15fed957fb is affected by an insufficient entropy vulnerability in the salt generation. The salt is generated via uniqid() and the IV is derived from the install path, while the secret key is the SHA-256 hash of the salt. An attacker can ga...