CVE-2019-19735

Published
View on NVD ↗
CVSS v3
9.1
CRITICAL
CVSS v2
6.4
MEDIUM
Affected
1
PROJECT

Description

class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing.

jra89/CVE-2019-19735
jra89/CVE-2019-19735UNAVAILABLE
YetiShare password reset hash bruteforce - v3.5.2 - v4.5.3
GitHubGitHub