In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-06-11T17:40:45

Updated: 2024-08-03T20:40:47.462Z

Reserved: 2021-02-12T00:00:00

Link: CVE-2021-27200

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-06-11T18:15:17.243

Modified: 2024-11-21T05:57:33.863

Link: CVE-2021-27200

cve-icon Redhat

No data.