PT-2021-11567 · Epignosis · Epignosis Efrontpro

Published 2021-03-03 · Updated 2022-08-31 · CVE-2020-28597

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Epignosis EfrontPro version 5.2.21

Description: A predictable seed vulnerability exists in the password reset functionality. By predicting the seed, it is possible to generate the correct one-time password reset token. An attacker can then visit the password reset page and supply that token to reset the password of an account of their choice.

Recommendations: For Epignosis EfrontPro version 5.2.21, consider temporarily disabling the password reset functionality until a patch is available. Restrict access to the password reset page to minimize the risk of exploitation. Avoid using the predictable seed in password reset token generation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
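
The recommendation to avoid a predictable seed, sketched as an added example (not Epignosis code; the advisory does not say how EfrontPro derives its seed). `weak_token` is an assumed illustration of the flaw class, and `ResetTokenStore`, `TOKEN_TTL` and the 15-minute lifetime are hypothetical names and values.

```python
import hashlib
import hmac
import random
import secrets
import time

TOKEN_TTL = 15 * 60  # assumed reset-link lifetime, in seconds


def weak_token(seed):
    """Anti-pattern: every bit of the token is a function of the seed."""
    rng = random.Random(seed)  # Mersenne Twister, not a CSPRNG
    return "%032x" % rng.getrandbits(128)


class ResetTokenStore:
    """Hypothetical in-memory store; a real one would be a database table."""

    def __init__(self):
        self._pending = {}  # user -> (SHA-256 of token, expiry timestamp)

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).digest()
        # Issuing again overwrites (invalidates) any earlier token.
        self._pending[user] = (digest, now + TOKEN_TTL)
        return token  # mailed to the user; only the digest is stored

    def redeem(self, user, token, now=None):
        now = time.time() if now is None else now
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires = entry
        if now > expires:
            del self._pending[user]  # expired tokens are purged
            return False
        candidate = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(digest, candidate):  # constant-time
            return False
        del self._pending[user]  # single use: gone after one success
        return True
```

Failed `redeem` attempts should additionally be rate-limited and logged per account and per source address, which this sketch leaves out.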

Weakness Enumeration

Related Identifiers

CVE-2020-28597

Affected Products

Epignosis Efrontpro