In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-06-11T17:40:45
Updated: 2024-08-03T20:40:47.462Z
Reserved: 2021-02-12T00:00:00
Link: CVE-2021-27200
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-06-11T18:15:17.243
Modified: 2022-07-12T17:42:04.277
Link: CVE-2021-27200
Redhat
No data.