Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OneOrZero forgot password函数安全口令重置漏洞
Vulnerability Description
OneOrZero Helpdesk是一个PHP/MySQL帮助桌面软件。 OneOrZero生成访问口令的方式上存在漏洞,攻击者可以利用此漏洞推测出自动生成的口令。 OneOrZero的forgot password函数会在回答完安全问题后重置口令,默认下这个口令为空。用户可以通过重置管理员口令并保持回答为空强制重置口令。但是,由于口令重置函数是基于用户名和服务器时间来设置口令的,因此可以通过服务器的时间来判断所设置的口令。
CVSS Information
N/A
Vulnerability Type
N/A