Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Predictable tokens used for password resets
Vulnerability Description
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In TimeTracker before version 1.19.24.5415 tokens used in password reset feature in Time Tracker are based on system time and, therefore, are predictable. This opens a window for brute force attacks to guess user tokens and, once successful, change user passwords, including that of a system administrator. This vulnerability is pathced in version 1.19.24.5415 (started to use more secure tokens) with an additional improvement in 1.19.24.5416 (limited an available window for brute force token guessing).
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
使用不充分的随机数
Vulnerability Title
TimeTracker 安全特征问题漏洞
Vulnerability Description
Anuko TimeTracker是 (Anuko)开源的一个应用软件。提供一个用PHP编写的基于Web的开源时间跟踪应用程序。 TimeTracker before version 1.19.24.5415 存在安全漏洞,该漏洞源于密码重置功能中使用的令牌是基于系统时间的,因此是可预测的。
CVSS Information
N/A
Vulnerability Type
N/A