Predictable Random Token Vulnerability in e107 CSRF Protection

Predictable Random Token Vulnerability in e107 CSRF Protection

CVE-2010-5084 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.

Learn more about our User Device Pen Test.