CVE-2019-5440 Information

Description

Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php the function generateRecoveryId() generates a password reset token that relies on the PHP uniqid function and consequently depends only on the current server time which is often visible in an HTTP Date header.
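The weakness described above, next to a hardened replacement, as an added example that is not Revive Adserver's own code. The function names, the one-hour lifetime and the hash-at-rest storage are assumptions for illustration, and random_bytes() requires PHP 7 or later.

```php
<?php
declare(strict_types=1);

// Weak pattern (illustrative): the identifier is a function of the clock alone.
function weakRecoveryId(): string
{
    return uniqid();
}

// uniqid() is 8 hex digits of Unix seconds followed by 5 hex digits of
// microseconds, so the value carries a timestamp and no secret entropy.
function decodeUniqid(string $id): array
{
    return [
        'sec'  => (int) hexdec(substr($id, 0, 8)),
        'usec' => (int) hexdec(substr($id, 8, 5)),
    ];
}

// Hardened pattern: 256 bits from the OS CSPRNG. Only a hash is persisted,
// so a leaked database row cannot be replayed as a valid token.
function strongRecoveryToken(int $lifetime = 3600): array
{
    $token = bin2hex(random_bytes(32));
    return [
        'token'      => $token,                  // sent to the user, never stored
        'stored'     => hash('sha256', $token),  // persisted server-side
        'expires_at' => time() + $lifetime,      // assumed lifetime: one hour
    ];
}

// Constant-time comparison plus expiry check.
function verifyRecoveryToken(string $presented, string $storedHash, int $expiresAt): bool
{
    if (time() > $expiresAt) {
        return false;
    }
    return hash_equals($storedHash, hash('sha256', $presented));
}

$weak = weakRecoveryId();
$t = decodeUniqid($weak);
printf("weak id %s decodes to %s +%d us\n", $weak, date('c', $t['sec']), $t['usec']);

$rec = strongRecoveryToken();
var_dump(verifyRecoveryToken($rec['token'], $rec['stored'], $rec['expires_at'])); // bool(true)
var_dump(verifyRecoveryToken($weak, $rec['stored'], $rec['expires_at']));         // bool(false)
```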

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://hackerone.com/reports/576504

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.1

Base Severity

HIGH
