Security Advisory

CVE-2020-28597

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-03-03 17:47:57

Last updated 2024-08-04 16:40:59

Assigner talos

State PUBLISHED

Description

A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice.

← Browse all CVEs View on cve.org ↗