PT-2022-11592 · Unknown · Phpservermon

Published: 2022-11-15 · Updated: 2023-07-18 · CVE-2021-4240

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

phpservermon (affected versions not specified)

Description

An issue classified as problematic was found in phpservermon. It affects the generatePasswordResetToken function in the file src/psm/Service/User.php. The manipulation leads to the use of a predictable algorithm in the random number generator. The exploit has been disclosed to the public and may be used.

Recommendations

To fix this issue, apply the patch named 3daa804d5f56c55b3ae13bfac368bb84ec632193. As a temporary workaround, consider disabling the generatePasswordResetToken function until the patch is applied.

Weakness Enumeration

Use of Insufficiently Random Values

Related Identifiers

CVE-2021-4240
GHSA-97W9-GCC7-VR8G

Affected Products

Phpservermon