Security Advisory

CVE-2019-19735

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-12-30 17:00:02

Last updated 2024-08-05 02:25:12

Assigner mitre

State PUBLISHED

Description

class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing.

← Browse all CVEs View on cve.org ↗