PT-2024-34645 · Yeswiki · Yeswiki

Nishacid · Published 2024-10-31 · Updated 2024-11-01 · CVE-2024-51478

CVSS v3.1: 9.9 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

YesWiki versions prior to 4.4.5

Description

The password reset key is hashed with a weak cryptographic algorithm, MD5, and a hard-coded salt defined in the includes/services/UserManager.php file. This allows the key to be recovered and used to reset the password of any account. The key is generated from the user's name, e-mail address, a random number between 0 and 10000, the current date of the request, and the salt. An attacker who knows the user's name and e-mail address can retrieve the key with a bit of brute force on the random number and use it to reset the account password.

Recommendations

For versions prior to 4.4.5, the safest solution is to update to version 4.4.5, which fixes this issue by addressing the weak cryptographic algorithm and hard-coded salt used for password reset key hashing. As a temporary workaround, consider restricting access to the password reset functionality until a patch is available.
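
One way to issue reset keys that cannot be derived from account attributes, shown as an added example (this is not YesWiki's code and not the 4.4.5 patch). The function names, the one-hour lifetime and the in-memory array standing in for a database table are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed lifetime of a reset key, in seconds.
const RESET_TTL_SECONDS = 3600;

/**
 * Issue a reset token. All entropy comes from the OS CSPRNG: no user name,
 * e-mail address, date, small random integer or static salt is involved,
 * so knowing the account details gives no help in predicting the token.
 */
function issueResetToken(array &$store, string $userId, int $now): string
{
    $token = bin2hex(random_bytes(32));          // 256 random bits, hex-encoded
    $store[$userId] = [
        'hash'    => hash('sha256', $token),     // keep only a digest server-side
        'expires' => $now + RESET_TTL_SECONDS,
    ];
    return $token;                               // delivered to the user by e-mail
}

/** Check a presented token; a valid token is consumed so it works only once. */
function redeemResetToken(array &$store, string $userId, string $token, int $now): bool
{
    $entry = $store[$userId] ?? null;
    if ($entry === null) {
        return false;                            // no pending reset for this user
    }
    if ($now > $entry['expires']) {
        unset($store[$userId]);                  // expired: drop the record
        return false;
    }
    // hash_equals compares in constant time, avoiding a timing side channel.
    if (!hash_equals($entry['hash'], hash('sha256', $token))) {
        return false;
    }
    unset($store[$userId]);                      // single use
    return true;
}

// Constructed demo: a wrong guess, the real token, then a replay of the real token.
$store = [];
$now   = time();
$token = issueResetToken($store, 'alice', $now);
var_dump(redeemResetToken($store, 'alice', str_repeat('0', 64), $now));
var_dump(redeemResetToken($store, 'alice', $token, $now));
var_dump(redeemResetToken($store, 'alice', $token, $now));
```

Because the token is already high-entropy, a plain SHA-256 digest is enough for storage; the digest only ensures that a leaked table does not expose usable reset keys.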

Exploit

Fix

Weakness Enumeration

Use of a Broken Cryptographic Algorithm

Related Identifiers

CVE-2024-51478
GHSA-4FVX-H823-38V3

Affected Products

Yeswiki