PT-2020-13997 · Convos · Convos
Stig P · Published 2020-06-18 · Updated 2020-06-29 · CVE-2020-14423
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Convos versions prior to 4.20
Description
The issue arises from improper generation of a random secret in Core/Settings.pm and Util.pm, which leads to a predictable CONVOS_LOCAL_SECRET value. This predictability affects password resets and invitations.
Recommendations
For versions prior to 4.20, update to version 4.20 or later to resolve the issue.
Fix
Use of Insufficiently Random Values
Weakness Enumeration
Related Identifiers
Affected Products
Convos