CVE-2010-5079

SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.

Published: Sep 17, 2012
Updated: Apr 13, 2023
CVE: CVE-2010-5079
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
silverstripe / silverstripe	2.3.4	2.3.4.x
silverstripe / silverstripe	2.3.7	2.3.7.x
silverstripe / silverstripe	2.3.3	2.3.3.x
silverstripe / silverstripe	2.3.8	2.3.8.x
silverstripe / silverstripe	2.3.1	2.3.1.x
silverstripe / silverstripe	2.3.5	2.3.5.x
silverstripe / silverstripe	2.3.9	2.3.9.x
silverstripe / silverstripe	2.3.6	2.3.6.x
silverstripe / silverstripe	2.3.0	2.3.0.x
silverstripe / silverstripe	2.3.2	2.3.2.x
silverstripe / silverstripe	2.4.1	2.4.1.x
silverstripe / silverstripe	2.4.0	2.4.0.x
silverstripe / silverstripe	2.4.2	2.4.2.x
silverstripe / silverstripe	2.4.3	2.4.3.x

Vulnerability Database

CVE-2010-5079