CVE-2023-49589

Summary

An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
WWBNAVideodev master commit 15fed957fbaffected

Weaknesses

  • CWE-640: CWE-640: Weak Password Recovery Mechanism for Forgotten Password

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References