PT-2019-15935 · Mfscripts · Mfscripts Yetishare

Published: 2019-12-30 · Updated: 2020-01-08 · CVE-2019-19735

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: MFScripts YetiShare versions 3.5.2 through 4.5.3

Description: The issue concerns an insecure method of creating password reset hashes in the class.userpeer.php file: the hash is derived only from microtime. Because the server clock is the sole source of entropy, the space of possible hashes is small enough that an attacker can brute-force a valid reset hash and set a user's password within a few hours.

Recommendations: For MFScripts YetiShare versions 3.5.2 through 4.5.3, consider modifying the password reset hash creation to use a more secure method that incorporates sufficient randomness and complexity to prevent brute-forcing. As a temporary workaround, restrict access to the password reset functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
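The following is an added example, not YetiShare's code and not code from this advisory's author. It contrasts the pattern the description names (a reset hash derived only from the clock) with the kind of token the recommendation calls for: generated from a CSPRNG, stored only as a hash, compared in constant time, and expired after a fixed lifetime. Every function name, constant and record layout below is hypothetical and chosen for illustration.

```php
<?php
// Added example (not the project's code). Function and record names are
// hypothetical. Shows a clock-derived reset hash beside a hardened token.

declare(strict_types=1);

// Weak pattern, illustrating the defect the advisory describes: the only
// input is the server clock, so the set of possible hashes is small and
// tied to the (roughly known) time the reset was requested.
function weakResetHash(): string
{
    return md5((string) microtime(true));
}

// Hardened pattern.
const RESET_TOKEN_BYTES = 32;   // 256 bits of entropy from the CSPRNG
const RESET_TOKEN_TTL   = 3600; // seconds a token stays valid

/**
 * Create a reset token for $userId. Returns [rawToken, record]:
 * the raw token is sent to the user once (in the reset link); only the
 * record, which holds a SHA-256 hash of the token, is persisted, so a
 * leaked database row does not contain a usable token.
 */
function createResetToken(int $userId): array
{
    $token  = bin2hex(random_bytes(RESET_TOKEN_BYTES)); // 64 hex characters
    $record = [
        'user_id'    => $userId,
        'token_hash' => hash('sha256', $token),
        'expires_at' => time() + RESET_TOKEN_TTL,
        'used'       => false,
    ];
    return [$token, $record];
}

/**
 * Validate a presented token against its stored record. Rejects expired or
 * already-used tokens and compares hashes in constant time. On success the
 * record is marked used so the token cannot be replayed.
 */
function verifyResetToken(string $presented, array &$record, ?int $now = null): bool
{
    $now = $now ?? time();
    if ($record['used'] || $now > $record['expires_at']) {
        return false;
    }
    if (!hash_equals($record['token_hash'], hash('sha256', $presented))) {
        return false;
    }
    $record['used'] = true;
    return true;
}

// Usage (persistence of $record is left to the application):
[$token, $record] = createResetToken(42);
var_dump(verifyResetToken('not-the-token', $record));        // wrong token
var_dump(verifyResetToken($token, $record, time() + 7200));  // expired
var_dump(verifyResetToken($token, $record));                 // valid, first use
var_dump(verifyResetToken($token, $record));                 // replay rejected
```

Alongside the token change, rate-limiting the reset endpoint and logging failed token checks give the advisory's interim workaround (restricting access to the reset function) a concrete form: a 256-bit random token cannot be searched in hours, and a throttled endpoint makes even a weaker token far harder to guess while a fix is pending.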

Exploit


Weakness Enumeration

Related Identifiers

CVE-2019-19735

Affected Products

Mfscripts Yetishare