PT-2020-7260 · Ushahidi · Ushahidi

Timothy D. Morgan

·

Published

2020-02-04

·

Updated

2020-02-12

·

CVE-2012-5618

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Ushahidi versions prior to 2.6.1
Description: The issue is related to insufficient entropy for forgot-password tokens.
Recommendations: For versions prior to 2.6.1, update to version 2.6.1 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-640

Related Identifiers

CVE-2012-5618

Affected Products

Ushahidi