5.2.21

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

epignosishq

CWE-335

NVD

Published: 2021-03-03

Updated: 2022-08-31

Summary

A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice.

Vulnerable Configurations

Part	Description	Count
Application	Epignosishq Epignosishq Efront 5.2.21 Epignosishq Efront 5.2.17	2

Common Weakness Enumeration (CWE)

CWE-335 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

References

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1221