Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1xajZoLW03eGMtcjJ2M84AAb6j

Critical EPSS: 0.00288% (0.51714 Percentile) EPSS:
Permalink JSON

Froxlor guessable password reset token

Affected Packages Affected Versions Fixed Versions
packagist:froxlor/froxlor < 0.9.35 0.9.35
0 Dependent packages
0 Dependent repositories
22 Downloads total

Affected Version Ranges

All affected versions

All unaffected versions

0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 0.10.10, 0.10.11, 0.10.12, 0.10.13, 0.10.14, 0.10.15, 0.10.16, 0.10.17, 0.10.18, 0.10.19, 0.10.20, 0.10.21, 0.10.22, 0.10.23, 0.10.24, 0.10.25, 0.10.26, 0.10.27, 0.10.28, 0.10.29, 0.10.30, 0.10.31, 0.10.32, 0.10.33, 0.10.34, 0.10.35, 0.10.36, 0.10.37, 0.10.38, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.0.19, 2.0.20, 2.0.21, 2.0.22, 2.0.23, 2.0.24, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8

Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.

References:

Identifiers

GHSA-qj6h-m7xc-r2v3

CVE-2016-5100

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.00288

EPSS Percentile: 0.51714

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/Froxlor/Froxlor

Date and time

Published

about 3 years ago

Updated

over 1 year ago

API

JSON