Overview
- Description
- The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Social media
- Hype score
- Not currently trending
Evaluator
- Comment
- -
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oneorzero:oneorzero_helpdesk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77B9BA4F-5FD4-4C37-836D-1F88D47DF543",
"versionEndIncluding": "1.6.5.3"
},
{
"criteria": "cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "71F48E6F-1E7A-4B5F-9A05-37B2D7D39BE2"
},
{
"criteria": "cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "10E97153-B0A5-4751-B657-79EF676FABD6"
},
{
"criteria": "cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC596188-DBD8-4E56-953D-23B865670926"
}
],
"operator": "OR"
}
]
}
]