Security Advisory

CVE-2019-10908

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-04-07 13:32:58

Last updated 2024-08-04 22:40:15

Assigner mitre

State PUBLISHED

Description

In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has a 48-bit seed that can easily be bruteforced, leading to trivial privilege escalation attacks.

← Browse all CVEs View on cve.org ↗