Vulnerability Description
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Silverstripe | Silverstripe | 2.3.0 |
Related Weaknesses (CWE)
References
- http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10Patch
- http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4PatchVendor Advisory
- http://open.silverstripe.org/changeset/114497
- http://open.silverstripe.org/changeset/114498Patch
- http://open.silverstripe.org/changeset/114503Patch
- http://open.silverstripe.org/changeset/114504Patch
- http://open.silverstripe.org/changeset/114505Patch
- http://www.openwall.com/lists/oss-security/2011/01/03/12
- http://www.openwall.com/lists/oss-security/2012/04/30/1
- http://www.openwall.com/lists/oss-security/2012/04/30/3
- http://www.openwall.com/lists/oss-security/2012/05/01/3
- http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10Patch
- http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4PatchVendor Advisory
- http://open.silverstripe.org/changeset/114497
- http://open.silverstripe.org/changeset/114498Patch
FAQ
What is CVE-2010-5079?
CVE-2010-5079 is a vulnerability with a CVSS score of 5.0 (MEDIUM). SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) pass...
How severe is CVE-2010-5079?
CVE-2010-5079 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-5079?
Check the references section above for vendor advisories and patch information. Affected products include: Silverstripe Silverstripe.