PT-2019-17670 · Revive Adserver · Revive Adserver

Paulos · Published 2019-05-28 · Updated 2019-10-09 · CVE-2019-5440

CVSS v3.1: 8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Revive Adserver versions prior to 4.2.1

Description

The issue is related to the use of a cryptographically weak PRNG in the password recovery token generation. This could potentially lead to an authentication bypass attack if the password recovery functionality is exploited. The generateRecoveryId() function in lib/OA/Dal/PasswordRecovery.php generates a password reset token based on the PHP uniqid function, which relies on the current server time. This time is often visible in an HTTP Date header.

Recommendations

For versions prior to 4.2.1, update to version 4.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the password recovery functionality until a patch is available. Avoid using the password recovery feature in the affected versions until the issue is resolved.
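
The weak pattern described above next to one hardened way to issue and redeem recovery tokens, as an added example; it is not Revive Adserver's code and not the 4.2.1 patch. The function names, the in-memory $store array and the user id 42 are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Weak pattern (illustrative, not Revive's code): uniqid() is derived from the
// server clock (seconds + microseconds), so the token contains no secret.
function weakRecoveryId(): string
{
    return uniqid();
}

// Hardened issue step: 128 bits from the OS CSPRNG (PHP 7+). Only a SHA-256
// digest is stored, so reading the table does not yield a usable token.
function issueRecoveryToken(array &$store, int $userId, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(16));
    $store[$userId] = [
        'hash'    => hash('sha256', $token),
        'expires' => time() + $ttl,
    ];
    return $token; // delivered to the account's e-mail address only
}

// Redeem step: expiry check, constant-time comparison, single use on success.
function redeemRecoveryToken(array &$store, int $userId, string $token): bool
{
    $row = $store[$userId] ?? null;
    if ($row === null) {
        return false;
    }
    if ($row['expires'] < time()) {
        unset($store[$userId]);
        return false;
    }
    if (!hash_equals($row['hash'], hash('sha256', $token))) {
        return false;
    }
    unset($store[$userId]);
    return true;
}

$store = []; // constructed in-memory stand-in for the recovery table
$weak = weakRecoveryId();
// The first 8 hex digits of uniqid() are the Unix time in seconds.
printf("weak %s: prefix=%d time()=%d\n", $weak, hexdec(substr($weak, 0, 8)), time());
$token = issueRecoveryToken($store, 42);
var_dump(redeemRecoveryToken($store, 42, 'wrong-token'));
var_dump(redeemRecoveryToken($store, 42, $token));
var_dump(redeemRecoveryToken($store, 42, $token)); // replay of a used token
```

When reviewing other PHP code for the same weakness, look for uniqid(), time(), microtime(), rand() or mt_rand() feeding any value that acts as a credential.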


Weakness Enumeration

Related Identifiers

CVE-2019-5440

Affected Products

Revive Adserver