SilverStripe CMS Cryptographic Issues Vulnerability - CVE-2010-5079 - Vulnerability Database

Medium
Reference: CVE-2010-5079
Title: SilverStripe CMS Cryptographic Issues Vulnerability
Overview:

SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.