Security Advisory

CVE-2006-5474

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2006-10-24 20:00:00

Last updated 2024-08-07 19:48:30

Assigner mitre

State PUBLISHED

Description

The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset.

← Browse all CVEs View on cve.org ↗