CVE-2019-19735

Published: Dec 30, 2019Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing.

Affected (1)

Products: Mfscripts: Yetishare

Mfscripts

1 product

Yetishare

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mfscripts Yetishare	From 3.5.2 to 4.5.3

Related CWEs

CWE-916

Use of Password Hash With Insufficient Computational Effort

The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

References (4)

https://github.com/jra89/CVE-2019-19735

Source: cve@mitre.org

ExploitThird Party Advisory

https://medium.com/%40jra8908/yetishare-3-5-2-4-5-3-multiple-vulnerabilities-2d01d0cd7459

Source: cve@mitre.org

https://github.com/jra89/CVE-2019-19735

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://medium.com/%40jra8908/yetishare-3-5-2-4-5-3-multiple-vulnerabilities-2d01d0cd7459

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.