jra89/CVE-2019-19735

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases0

YetiShare password reset hash bruteforce - v3.5.2 - v4.5.3

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-19735 ↗	Dec 30, 2019Monday, 30 December 2019, 17:15	9.1 CRITICAL	6.4 MEDIUM
class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing.