Description
Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote). The affected component is the file forgot_pwd.php - it uses a weak algorithm for the generation of password recovery tokens (the PHP uniqueid function), allowing a brute force attack.
References
https://dojo.maltem.ca/public/advisories/CVE-2021-31646.html
Broken LinkThird Party Advisory
https://gestsup.fr/index.php?page=download
PatchVendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 · Critical
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-04-26T19:15:08.550
4 years agoLast modified
2021-05-04T00:32:57.907
4 years ago