PT-2020-13230 · Domainmod · Domainmod

Abhishek

Published

2020-05-08

Updated

2020-05-12

CVE-2020-12735

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DomainMOD version 4.13.0

Description The issue is related to insufficient entropy for password reset requests, which can lead to account takeover.

Recommendations For DomainMOD version 4.13.0, consider implementing additional security measures to enhance the entropy of password reset requests, such as adding more random characters or using a more secure random number generator, until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-331

Related Identifiers

CVE-2020-12735

Affected Products

Domainmod

PT-2020-13230 · Domainmod · Domainmod

CVE-2020-12735

Weakness Enumeration

Related Identifiers

Affected Products

References · 4