CVE-2020-12735

Critical

reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.

mitre·CWE-331·Published 2020-05-08

CVSS

9.8

EPSS

0.02

KEV

Exploits

cve.orgen

113 chars

reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.

NVDen

113 chars

reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.

NVDes

186 chars

En el archivo reset.php en DomainMOD versión 4.13.0, usa una entropía insuficiente para unas peticiones de restablecimiento de contraseña, conllevando a una toma de control de la cuenta.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H