The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset.parameters and to take over accounts.
References
Link | Resource |
---|---|
https://bramdoessecurity.com/travianz-hacked/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
13 Jul 2023, 19:30
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://bramdoessecurity.com/travianz-hacked/ - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:travianz_project:travianz:8.3.3:-:*:*:*:*:*:* cpe:2.3:a:travianz_project:travianz:8.3.4:*:*:*:*:*:*:* |
|
CWE | CWE-338 | |
First Time |
Travianz Project travianz
Travianz Project |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
07 Jul 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-07 19:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-36993
Mitre link : CVE-2023-36993
CVE.ORG link : CVE-2023-36993
JSON object : View
Products Affected
travianz_project
- travianz
CWE
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)