CVE-2020-28597

Summary

A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice.

Affected Software

VendorProductVersion RangeStatus
n/aEpignosisEpignosis eFront LMS 5.2.17, Epignosis eFront LMS 5.2.21affected

Weaknesses

  • CWE-337: CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)

ADP Enrichment

CVE Program Container

Additional References

References