CVE-2023-36993

Published: Jul 7, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset.parameters and to take over accounts.

Affected (2)

Products: Travianz Project: Travianz

Travianz Project

1 product

Travianz

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Travianz Project Travianz	Version 8.3.3
Travianz Project Travianz	Version 8.3.4

Related CWEs

CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

References (2)

https://bramdoessecurity.com/travianz-hacked/

Source: cve@mitre.org

ExploitThird Party Advisory

https://bramdoessecurity.com/travianz-hacked/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.