Description
A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for generating password reset codes. The application uses `random.randint` for this purpose, which is not suitable for cryptographic use and can be cracked. An attacker with access to workflow tools can extract the PRNG output and predict future password reset codes, leading to a complete compromise of the application.
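The weakness class described above (CWE-338), shown as an added example that is not code from Dify or from the advisory: a reset code drawn from Python's Mersenne Twister beside one drawn from the `secrets` module. The function names and the 6-digit code length are assumptions made for illustration.

```python
import hmac
import random
import secrets

CODE_DIGITS = 6  # assumed code length; the page does not state it


def weak_reset_code(rng: random.Random) -> str:
    """Pattern the description names: a code drawn via randint (Mersenne Twister)."""
    return str(rng.randint(0, 10**CODE_DIGITS - 1)).zfill(CODE_DIGITS)


def strong_reset_code() -> str:
    """Hardened form: the code comes from the OS CSPRNG through `secrets`."""
    return str(secrets.randbelow(10**CODE_DIGITS)).zfill(CODE_DIGITS)


def codes_match(submitted: str, expected: str) -> bool:
    """Constant-time comparison, so the check does not leak matching prefixes."""
    return hmac.compare_digest(submitted.encode(), expected.encode())


def replay_is_identical(count: int = 5) -> bool:
    """Why the weak form fails: Mersenne Twister output is a pure function of
    its internal state, so any copy of that state yields every later code."""
    server = random.Random()
    snapshot = server.getstate()  # stands in for generator state known to another party
    issued = [weak_reset_code(server) for _ in range(count)]

    clone = random.Random()
    clone.setstate(snapshot)
    predicted = [weak_reset_code(clone) for _ in range(count)]
    return issued == predicted


if __name__ == "__main__":
    print("weak codes reproducible from state:", replay_is_identical())
    print("sample CSPRNG code:", strong_reset_code())
```

`secrets` has no exportable state to replay, which is why reset codes, session tokens and similar secrets should come from it rather than from `random`.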

References (1)
Core References
https://huntr.com/bounties/a60f3039-5394-4e22-8de7-a7da9c6a6e00 (Exploit, Third Party Advisory)

Scores
CVSS v3: 8.8
EPSS: 0.0050
EPSS Percentile: 38.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: total

Details
CWE: CWE-338
Status: published
Products (1): langgenius/dify 0.10.1
Published: Mar 20, 2025
Tracked Since: Feb 18, 2026