SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2012-09-17T17:00:00Z
Updated: 2024-09-16T21:07:45.153Z
Reserved: 2011-12-19T00:00:00Z
Link: CVE-2010-5079
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-09-17T17:55:02.750
Modified: 2024-11-21T01:22:27.483
Link: CVE-2010-5079
Redhat
No data.