Description

totd before 1.5.3 does not properly randomize mesg IDs.

Related CPE's

a

totd_project

totd

Vulnerable

References

http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf

ExploitTechnical DescriptionThird Party Advisory

https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399

PatchThird Party Advisory

https://github.com/fwdillema/totd/releases/tag/1.5.3

PatchRelease NotesThird Party Advisory

https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-330

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-06-23T17:15:18.263

3 years ago

Last modified

2022-07-06T18:49:05.073

2 years ago