CVE-2017-17097

Name of the Vulnerable Software and Affected Versions: gps-server.net GPS Tracking Software (self hosted) versions 2.x

Description: The issue concerns a password reset procedure that allows immediate password resets upon an unauthenticated request. After the reset, an email is sent with a new, predictable password based on the date, making it easier for remote attackers to gain access by predicting this password. This is due to the use of gmdate for password creation in the fn connect.php file.

Recommendations: For gps-server.net GPS Tracking Software (self hosted) versions 2.x, consider modifying the password reset procedure to generate unpredictable passwords and implement additional authentication steps to prevent unauthorized resets. As a temporary workaround, restrict access to the password reset functionality until a more secure solution is implemented.