Description

totd before 1.5.3 does not properly randomize mesg IDs.

Related CPE's

a

totd_project

totd

Vulnerable

References

http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf

ExploitTechnical DescriptionThird Party Advisory

https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399

PatchThird Party Advisory

https://github.com/fwdillema/totd/releases/tag/1.5.3

PatchRelease NotesThird Party Advisory

https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner

Vendor Advisory

http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf

ExploitTechnical DescriptionThird Party Advisory

https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399

PatchThird Party Advisory

https://github.com/fwdillema/totd/releases/tag/1.5.3

PatchRelease NotesThird Party Advisory

https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-330

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.5 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-06-23T15:15:18.263Z

3 years ago

Last modified

2024-11-21T06:09:14.540Z

1 year ago