CVE Vulnerabilities

CVE-2006-5474

Published: Oct 24, 2006 | Modified: Oct 17, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The forgot password function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset.

Affected Software

Name Vendor Start Version End Version
Oneorzero_helpdesk Oneorzero 1.6 1.6
Oneorzero_helpdesk Oneorzero 1.6.3 1.6.3
Oneorzero_helpdesk Oneorzero 1.6.4 1.6.4
Oneorzero_helpdesk Oneorzero * 1.6.5.3

References