In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-06-11T17:40:45
Updated: 2024-08-03T20:40:47.462Z
Reserved: 2021-02-12T00:00:00
Link: CVE-2021-27200
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-06-11T18:15:17.243
Modified: 2024-11-21T05:57:33.863
Link: CVE-2021-27200
Redhat
No data.