SilverStripe 2.3.x prior to 2.3.10 and 2.4.x prior to 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote malicious users to bypass intended access restrictions via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
silverstripe silverstripe 2.3.1 |
||
silverstripe silverstripe 2.3.2 |
||
silverstripe silverstripe 2.3.3 |
||
silverstripe silverstripe 2.3.4 |
||
silverstripe silverstripe 2.3.9 |
||
silverstripe silverstripe 2.3.0 |
||
silverstripe silverstripe 2.3.5 |
||
silverstripe silverstripe 2.3.7 |
||
silverstripe silverstripe 2.3.6 |
||
silverstripe silverstripe 2.3.8 |
||
silverstripe silverstripe 2.4.0 |
||
silverstripe silverstripe 2.4.1 |
||
silverstripe silverstripe 2.4.2 |
||
silverstripe silverstripe 2.4.3 |