CVE-2006-5474 - Information Disclosure vulnerability in OneOrZero Helpdesk 1.6/1.6.3/1.6.4
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |

Summary
The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset.

Upgrade to 1.6.5.4.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |