PT-2020-15947 · Eramba · Eramba Enterprise
Joern Schneeweisz · Published 2020-09-03 · Updated 2020-09-10 · CVE-2020-25105
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
eramba versions c2.8.1 and earlier, eramba Enterprise versions prior to e2.19.3
Description
The issue is related to a weak password recovery token. Specifically, the createHash function has only a million possibilities, which is considered insecure.
Recommendations
For eramba versions c2.8.1 and earlier, update to a version later than c2.8.1.
For eramba Enterprise versions prior to e2.19.3, update to version e2.19.3 or later.
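For deployments that issue their own recovery tokens, the sketch below contrasts the one-million token space named in the description with a token drawn from a CSPRNG, stored only as a digest, time-limited, single-use and attempt-limited. It is an added example, not eramba's code and not part of the original advisory; ResetTokenStore, guess_success_probability, TOKEN_BYTES, TOKEN_TTL and MAX_ATTEMPTS are assumed names and values, and only the one-million figure comes from the advisory.

```python
import hashlib
import hmac
import secrets
import time

WEAK_SPACE = 10 ** 6     # "a million possibilities", the figure stated in the advisory
TOKEN_BYTES = 32         # assumption: 256 bits of CSPRNG output per token
TOKEN_TTL = 15 * 60      # assumption: token is valid for 15 minutes
MAX_ATTEMPTS = 5         # assumption: failed redemptions allowed per token


def guess_success_probability(space, attempts):
    """Chance that one of `attempts` distinct guesses matches a uniformly chosen token."""
    return min(1.0, attempts / space)


class ResetTokenStore:
    """Hypothetical server-side store for password recovery tokens."""

    def __init__(self, now=time.time):
        self._records = {}   # user -> [sha256 digest, expiry time, failed attempts]
        self._now = now

    def issue(self, user):
        token = secrets.token_urlsafe(TOKEN_BYTES)
        digest = hashlib.sha256(token.encode()).digest()
        # Only the digest is kept, so a leaked table does not yield usable tokens.
        self._records[user] = [digest, self._now() + TOKEN_TTL, 0]
        return token         # delivered to the user out of band

    def redeem(self, user, presented):
        record = self._records.get(user)
        if record is None:
            return False
        digest, expiry, failures = record
        if self._now() > expiry or failures >= MAX_ATTEMPTS:
            del self._records[user]      # expired or locked out: force a new request
            return False
        candidate = hashlib.sha256(presented.encode()).digest()
        if hmac.compare_digest(candidate, digest):   # constant-time comparison
            del self._records[user]      # single use
            return True
        record[2] += 1
        return False
```

With a one-million space, 10,000 distinct guesses succeed with probability 0.01; against a 256-bit token the same effort is negligible, and the attempt limit bounds guessing regardless of token size.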
Affected Products
Eramba
Eramba Enterprise