CVE-2023-36993

Name of the Vulnerable Software and Affected Versions TravianZ versions 8.3.3 through 8.3.4

Description The issue arises from a cryptographically insecure random number generator used in the password reset function, allowing an attacker to guess the password reset parameters and take over accounts.

Recommendations For versions 8.3.3 and 8.3.4, consider disabling the password reset function until a secure random number generator is implemented. As a temporary workaround, restrict access to the password reset feature to minimize the risk of account takeover. Avoid using the password reset function in the affected versions until the issue is resolved with a secure random number generator implementation.