CVE-2017-17097

CVE-2017-17097

gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php.

Source: CVE-2017-17097

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다