PT-2023-25765 · Travianz · Travianz

Bram

Published

2023-07-07

Updated

2023-07-13

CVE-2023-36993

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TravianZ versions 8.3.3 through 8.3.4

Description The issue arises from a cryptographically insecure random number generator used in the password reset function, allowing an attacker to guess the password reset parameters and take over accounts.

Recommendations For versions 8.3.3 and 8.3.4, consider disabling the password reset function until a secure random number generator is implemented. As a temporary workaround, restrict access to the password reset feature to minimize the risk of account takeover. Avoid using the password reset function in the affected versions until the issue is resolved with a secure random number generator implementation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-338

Related Identifiers

CVE-2023-36993

Affected Products

Travianz

PT-2023-25765 · Travianz · Travianz

CVE-2023-36993

Weakness Enumeration

Related Identifiers

Affected Products

References · 5