CVE-2023-49589

An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*

History

21 Nov 2024, 08:33

Type Values Removed Values Added
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1896 - Exploit, Third Party Advisory () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1896 - Exploit, Third Party Advisory

17 Jan 2024, 15:16

Type Values Removed Values Added
CWE NVD-CWE-Other
CPE cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1896 - () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1896 - Exploit, Third Party Advisory
First Time Wwbn avideo
Wwbn
Summary
  • (es) Existe una vulnerabilidad de entropía insuficiente en la funcionalidad de generación de recoveryPass de userRecoverPass.php de la confirmación maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar la recuperación arbitraria de la contraseña de un usuario. Un atacante puede enviar una solicitud HTTP para desencadenar esta vulnerabilidad.

10 Jan 2024, 18:15

Type Values Removed Values Added
References
  • {'url': 'https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1896', 'source': 'talos-cna@cisco.com'}

10 Jan 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-10 16:15

Updated : 2024-11-21 08:33


NVD link : CVE-2023-49589

Mitre link : CVE-2023-49589

CVE.ORG link : CVE-2023-49589


JSON object : View

Products Affected

wwbn

  • avideo
CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password

NVD-CWE-Other