Insufficient Entropy Vulnerability in WWBN AVideo User Password Recovery

Insufficient Entropy Vulnerability in WWBN AVideo User Password Recovery

CVE-2023-49589 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerability.

Learn more about our User Device Pen Test.