A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for other accounts, thus allowing privilege escalation or account takeover.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-13T23:43:41
Updated: 2024-08-05T01:10:41.654Z
Reserved: 2019-09-13T00:00:00
Link: CVE-2019-16303
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-09-14T00:15:10.390
Modified: 2024-11-21T04:30:29.493
Link: CVE-2019-16303
Redhat
No data.