Name of the Vulnerable Software and Affected Versions 1С-Битрикс: Управление сайтом (affected versions not specified)

Description The issue is related to errors in the mt rand pseudorandom number generator code. It allows a remote attacker to obtain the password reset confirmation code for any user and potentially the user's password.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.