CVE-2020-25105

Critical

eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities).

mitre·CWE-640·Published 2020-09-03

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgen

125 chars

eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities).

NVDen

125 chars

eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities).

eramba versión c2.8.1 y Enterprise versiones anteriores a e2.19.3, presentan un token de recuperación de contraseña débil (createHash posee solo un millón de posibilidades)

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H