CVE-2010-5079

Name of the Vulnerable Software and Affected Versions SilverStripe versions 2.3.x through 2.3.9 SilverStripe versions 2.4.x through 2.4.3

Description The issue is related to weak entropy when generating tokens for various security mechanisms, including CSRF protection, autologin, forgot password functionality, and password salts. This weakness can be exploited by remote attackers to bypass intended access restrictions.

Recommendations For SilverStripe versions 2.3.x through 2.3.9, update to version 2.3.10 or later. For SilverStripe versions 2.4.x through 2.4.3, update to version 2.4.4 or later.