CVE-2010-5079

Published: Sep 17, 2012Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.

Affected (14)

Products: Silverstripe: Silverstripe

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Silverstripe Silverstripe	Version 2.3.0
Silverstripe Silverstripe	Version 2.3.1
Silverstripe Silverstripe	Version 2.3.2
Silverstripe Silverstripe	Version 2.3.3
Silverstripe Silverstripe	Version 2.3.4
Silverstripe Silverstripe	Version 2.3.5
Silverstripe Silverstripe	Version 2.3.6
Silverstripe Silverstripe	Version 2.3.7
Silverstripe Silverstripe	Version 2.3.8
Silverstripe Silverstripe	Version 2.3.9

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Silverstripe Silverstripe	Version 2.4.0
Silverstripe Silverstripe	Version 2.4.1
Silverstripe Silverstripe	Version 2.4.2
Silverstripe Silverstripe	Version 2.4.3

Related CWEs

References (22)

http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10

Source: secalert@redhat.com

Patch

http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4

Source: secalert@redhat.com

PatchVendor Advisory

http://open.silverstripe.org/changeset/114497

Source: secalert@redhat.com

http://open.silverstripe.org/changeset/114498

Source: secalert@redhat.com

Patch

http://open.silverstripe.org/changeset/114503

Source: secalert@redhat.com

Patch

http://open.silverstripe.org/changeset/114504

Source: secalert@redhat.com

Patch

http://open.silverstripe.org/changeset/114505

Source: secalert@redhat.com

Patch

http://www.openwall.com/lists/oss-security/2011/01/03/12

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/04/30/1

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/04/30/3

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/05/01/3

Source: secalert@redhat.com

http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://open.silverstripe.org/changeset/114497

Source: af854a3a-2127-422b-91ae-364da2661108

http://open.silverstripe.org/changeset/114498

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://open.silverstripe.org/changeset/114503

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://open.silverstripe.org/changeset/114504

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://open.silverstripe.org/changeset/114505

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.openwall.com/lists/oss-security/2011/01/03/12

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/04/30/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/04/30/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/05/01/3

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.