CVE-2021-27200

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:wowonder:wowonder:3.0.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-06-11 18:15

Updated : 2024-02-28 18:28


NVD link : CVE-2021-27200

Mitre link : CVE-2021-27200

CVE.ORG link : CVE-2021-27200


JSON object : View

Products Affected

wowonder

  • wowonder
CWE
CWE-330

Use of Insufficiently Random Values