CVE-2010-5079
17.09.2012, 17:55
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.Enginsight
| Vendor | Product | Version |
|---|---|---|
| silverstripe | silverstripe | 2.3.0 |
| silverstripe | silverstripe | 2.3.1 |
| silverstripe | silverstripe | 2.3.2 |
| silverstripe | silverstripe | 2.3.3 |
| silverstripe | silverstripe | 2.3.4 |
| silverstripe | silverstripe | 2.3.5 |
| silverstripe | silverstripe | 2.3.6 |
| silverstripe | silverstripe | 2.3.7 |
| silverstripe | silverstripe | 2.3.8 |
| silverstripe | silverstripe | 2.3.9 |
| silverstripe | silverstripe | 2.4.0 |
| silverstripe | silverstripe | 2.4.1 |
| silverstripe | silverstripe | 2.4.2 |
| silverstripe | silverstripe | 2.4.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References