The "forgot password" function in OneOrZero Helpdesk prior to 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote malicious users to gain access as an arbitrary user by requesting a password reset.
Vulnerable Product |
---|
oneorzero oneorzero helpdesk 1.6 |
oneorzero oneorzero helpdesk 1.6.3 |
oneorzero oneorzero helpdesk 1.6.4 |
oneorzero oneorzero helpdesk |
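
As an added example (not code from OneOrZero Helpdesk or from this advisory), the sketch below contrasts the predictable pattern the description names with a reset token drawn from the OS CSPRNG, stored only as a hash, time-limited and single-use. The function names, the concatenation order and the 15-minute lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 900  # assumed 15-minute validity window


def weak_reset_password(username, now):
    # Pattern the advisory describes: timestamp concatenated with username.
    # The exact order and format used by the product are assumptions here.
    # Both inputs are knowable to anyone who triggers the reset.
    return f"{int(now)}{username}"


def issue_reset_token(store, username, now=None):
    """Create a single-use token from the OS CSPRNG; store only its hash."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits, independent of user and clock
    digest = hashlib.sha256(token.encode()).hexdigest()
    store[username] = (digest, now + RESET_TTL_SECONDS)
    return token  # delivered to the account's registered address only


def redeem_reset_token(store, username, token, now=None):
    """Return True once for a valid, unexpired token, then invalidate it."""
    now = time.time() if now is None else now
    # pop: any attempt, right or wrong, consumes the pending token
    record = store.pop(username, None)
    if record is None:
        return False
    digest, expires_at = record
    presented = hashlib.sha256(token.encode()).hexdigest()
    return now <= expires_at and hmac.compare_digest(digest, presented)


if __name__ == "__main__":
    t = 1_200_000_000  # constructed timestamp
    print("weak:", weak_reset_password("alice", t))
    store = {}
    tok = issue_reset_token(store, "alice", now=t)
    print("strong:", tok)
    print("redeem:", redeem_reset_token(store, "alice", tok, now=t + 60))
    print("replay:", redeem_reset_token(store, "alice", tok, now=t + 60))
```

The token replaces the generated password entirely: the user chooses a new password after redeeming it, so no server-derived secret ever becomes a credential.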