CVE-2023-49599

Name of the Vulnerable Software and Affected Versions WWBN AVideo dev master commit 15fed957fb

Description An insufficient entropy vulnerability exists in the salt generation functionality. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and brute force the salt offline, leading to forging a legitimate password recovery code for the admin user.

Recommendations As a temporary workaround, consider restricting access to the salt generation functionality until a patch is available. Avoid using the vulnerable salt generation functionality in the affected commit until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.