CVE-2012-5618
CRITICAL
Ushahidi < 2.6.1 - Weak Password Recovery Mechanism for Forgotten Password
Title source: llm
Description
Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.
References (2)
Core References
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2012/12/04/1
Patch, Third Party Advisory x_refsource_misc
https://github.com/ushahidi/Ushahidi_Web/commit/e8c7ecd42818c331db8945d20f8b1865bc6d157e
Scores
CVSS v3
9.8
EPSS
0.0118
EPSS Percentile
63.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-640
Status
published
Products (1)
ushahidi/ushahidi
< 2.6.1
Published
Feb 04, 2020
Tracked Since
Feb 18, 2026