Vulnerability Description
Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Froxlor | Froxlor | <= 0.9.34.2 |
Related Weaknesses (CWE)
References
- https://github.com/Froxlor/Froxlor/commit/da4ec3e1b591de96675817a009e26e05e848a6 (Issue Tracking, Patch, Third Party Advisory)
FAQ
What is CVE-2016-5100?
CVE-2016-5100 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.
How severe is CVE-2016-5100?
CVE-2016-5100 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-5100?
Check the references section above for vendor advisories and patch information. Affected product: Froxlor (vendor: Froxlor), versions <= 0.9.34.2.