Convos · Convos · CVE-2020-14423
**Name of the Vulnerable Software and Affected Versions**
Convos versions prior to 4.20
**Description**
The issue arises from the improper generation of a random secret in Core/Settings.pm and Util.pm, leading to a predictable CONVOS LOCAL SECRET value. This predictability affects password resets and invitations.
**Recommendations**
For versions prior to 4.20, update to version 4.20 or later to resolve the issue.