4 matches found
CVE-2020-4072
In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem...
CVE-2020-4072
CVE-2020-4072 affects generator-jhipster-kotlin 1.6.0. It allows log forging by creating log entries for invalid password reset attempts using a user-provided email; the issue arises in applications generated with JWT or session authentication (OAuth apps are not affected). The root cause is logg...
CVE-2020-4072 Log Forging in generator-jhipster-kotlin
In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem...
Cryptographically Weak PRNG
Overview All versions of generator-jhipster-kotlin use a Cryptographically Weak PRNG that may lead to account takeover. The package uses a cryptographically insecure method to generate password reset links, which allows an attacker to guess password reset links and takeover accounts. Recommendati...