We found results for “”
WS-2022-0255
Date: March 29, 2022
Umbraco has a GeneratePassword function that is used to generate passwords that should be unpredictable, this function uses the .NET Random class which isn't cryptographically secure. An attacker is able to predict generated passwords and use them to log in to newly-created accounts.
Language: C#
Severity Score
Severity Score
Weakness Type (CWE)
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CWE-338CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |