9.8
CVE-2023-36993
- EPSS 0.1%
- Published 07.07.2023 19:15:09
- Last modified 21.11.2024 08:11:00
- Source cve@mitre.org
The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset parameters and to take over accounts.
Data is provided by the National Vulnerability Database (NVD)
Travianz Project ≫ Travianz Version 8.3.3 Update -
Travianz Project ≫ Travianz Version 8.3.4
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.277 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.