CVE-2006-5474
N/A
N/A
Summary
The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.whitedust.net/speaks/3043/
- http://secunia.com/advisories/22476
- http://www.securityfocus.com/archive/1/449352/100/0/threaded
- http://oneorzero.com/downloads/release_notes/Current_Release_notes.html
- http://securityreason.com/securityalert/1767
- http://www.securityfocus.com/bid/20651
References
- http://www.whitedust.net/speaks/3043/
- http://secunia.com/advisories/22476
- http://www.securityfocus.com/archive/1/449352/100/0/threaded
- http://oneorzero.com/downloads/release_notes/Current_Release_notes.html
- http://securityreason.com/securityalert/1767
- http://www.securityfocus.com/bid/20651
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.