Revive Adserver · Revive Adserver · CVE-2019-5440
**Name of the Vulnerable Software and Affected Versions**
Revive Adserver versions prior to 4.2.1
**Description**
The password recovery token is generated from a cryptographically weak source of randomness, which can lead to an authentication bypass through the password recovery workflow. The `generateRecoveryId()` function in `lib/OA/Dal/PasswordRecovery.php` derives the reset token from PHP's `uniqid()`, whose output is built from the current server time (seconds and microseconds) rather than from a cryptographic random source. The server's clock is frequently exposed to a remote client, for example in the HTTP `Date` response header, so an attacker who requests a reset for a victim account knows the second in which the token was minted and is left with on the order of one million candidate values per second of uncertainty. Enumerating those candidates against the reset endpoint allows the attacker to set a new password for the account without knowing the old one.
**Recommendations**
Upgrade to Revive Adserver 4.2.1 or later, which replaces the weak token generation. If the upgrade cannot be applied immediately, restrict access to the password recovery page (for example at the web server or by network access control) or disable the feature, and treat any reset token issued by an affected version as guessable rather than as proof of account ownership.