Home > Vulnerability Database > WS-2022-0255

Mend.io Vulnerability Database

WS-2022-0255

Date: March 29, 2022

Umbraco has a GeneratePassword function that is used to generate passwords that should be unpredictable, this function uses the .NET Random class which isn't cryptographically secure. An attacker is able to predict generated passwords and use them to log in to newly-created accounts.

Language: C#

Severity Score

5.4

Related Resources (2)

Url: https://huntr.dev/bounties/082ed4fe-812e-446f-a118-e3ae2ddb2bca/

Url: https://www.mend.io/vulnerability-database/WS-2022-0255

Severity Score

5.4

Weakness Type (CWE)

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CWE-338

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2022-0255

Date: March 29, 2022

Language: C#

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?