CVE-2019-5440

HIGH

Revive Adserver < v4.2.1 - Auth Bypass

Title source: llm

Description

Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() generates a password reset token that relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header.

References (1)

[Exploit, Third Party Advisory] https://hackerone.com/reports/576504

Scores

CVSS v3 8.1

EPSS 0.0038

EPSS Percentile 59.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-338

Status published

Products (1)

revive-adserver/revive_adserver < 4.2.1

Published May 28, 2019

Tracked Since Feb 18, 2026