The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2006-10-24T20:00:00
Updated: 2024-08-07T19:48:30.530Z
Reserved: 2006-10-24T00:00:00
Link: CVE-2006-5474
Vulnrichment
No data.
NVD
Status : Modified
Published: 2006-10-24T20:07:00.000
Modified: 2024-11-21T00:19:22.480
Link: CVE-2006-5474
Redhat
No data.