CVE-2021-27200

Critical

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is…

mitre·CWE-330·Published 2021-06-11

CVSS

9.8

EPSS

0.03

KEV

Exploits

cve.orgen

178 chars

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.

NVDen

178 chars

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.

En WoWonder versión 3.0.4, unos atacantes remotos pueden tomar cualquier cuenta debido al algoritmo criptográfico débil en el archivo recover.php. El parámetro code es fácilmente predecible por la hora del día

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H