PT-2011-1607 · Mozilla · Bugzilla

Max Kanat-Alexander · Published 2011-01-28 · Updated 2017-08-17 · CVE-2010-4568

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Bugzilla versions 2.14 through 2.22.7
Bugzilla versions 3.0.x through 3.2.x before 3.2.10
Bugzilla versions 3.4.x before 3.4.10
Bugzilla versions 3.6.x before 3.6.4
Bugzilla versions 4.0.x before 4.0rc2

Description

The issue stems from insufficiently random values being generated for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts. This is due to an insufficient number of calls to the srand function.
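
The failure mode described above, as an added example that is not Bugzilla's code: Python's seedable `random.Random` stands in for Perl's `srand`/`rand`, and the token length, alphabet and timestamp seed are assumptions made for illustration. It shows that tokens from a generator seeded once are a pure function of the seed, so the token space shrinks to the seed space, next to a replacement that draws from the OS CSPRNG.

```python
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits

def weak_token(rng, length=10):
    """Token drawn from a seedable PRNG (stand-in for Perl's rand)."""
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def strong_token(length=10):
    """Token drawn from the OS CSPRNG: there is no seed to share or guess."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def worker_tokens(seed, count):
    """Tokens a worker issues after seeding its PRNG once (like one srand call)."""
    rng = random.Random(seed)
    return [weak_token(rng) for _ in range(count)]

def distinct_first_tokens(seeds):
    """Number of different first tokens reachable from a set of possible seeds."""
    return len({worker_tokens(s, 1)[0] for s in seeds})

# Constructed sample values (assumptions, not taken from the advisory).
SAMPLE_SEED = 1296172800                               # a Unix timestamp used as the seed
SEED_WINDOW = range(SAMPLE_SEED, SAMPLE_SEED + 3600)   # one hour of such seeds

if __name__ == "__main__":
    a = worker_tokens(SAMPLE_SEED, 3)
    b = worker_tokens(SAMPLE_SEED, 3)
    print("same seed, same tokens:", a == b)
    print("nominal token space:   ", len(ALPHABET) ** 10)
    print("reachable first tokens:", distinct_first_tokens(SEED_WINDOW))
    print("CSPRNG tokens differ:  ", strong_token() != strong_token())
```

The nominal space of 62^10 tokens is irrelevant when only as many tokens are reachable as there are plausible seeds; the CSPRNG variant has no seed to inherit or reuse.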

Recommendations

For versions 2.14 through 2.22.7, update to a version after 2.22.7 to resolve the issue.
For versions 3.0.x through 3.2.x before 3.2.10, update to version 3.2.10 or later.
For versions 3.4.x before 3.4.10, update to version 3.4.10 or later.
For versions 3.6.x before 3.6.4, update to version 3.6.4 or later.
For versions 4.0.x before 4.0rc2, update to version 4.0rc2 or later.

Fix

Weakness Enumeration

Related Identifiers

CVE-2010-4568
DSA-2322-1

Affected Products

Bugzilla