PT-2019-9183 · Dnn · Dnn

Published

2019-07-03

Updated

2023-03-03

CVE-2018-15812

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions DNN (aka DotNetNuke) versions 9.2 through 9.2.1

Description The issue is related to incorrect conversion of encryption key source values, which results in lower than expected entropy.

Recommendations For DNN (aka DotNetNuke) versions 9.2 through 9.2.1, update to a version that correctly handles encryption key source values to prevent lower than expected entropy.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-331

Related Identifiers

CVE-2018-15812

GHSA-PF46-GQG9-J3V3

Affected Products

Dnn

PT-2019-9183 · Dnn · Dnn

CVE-2018-15812

Weakness Enumeration

Related Identifiers

Affected Products

References · 8