CVE-2023-36993

The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset.parameters and to take over accounts.
References
Link Resource
https://bramdoessecurity.com/travianz-hacked/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:travianz_project:travianz:8.3.3:-:*:*:*:*:*:*
cpe:2.3:a:travianz_project:travianz:8.3.4:*:*:*:*:*:*:*

History

13 Jul 2023, 19:30

Type Values Removed Values Added
References (MISC) https://bramdoessecurity.com/travianz-hacked/ - (MISC) https://bramdoessecurity.com/travianz-hacked/ - Exploit, Third Party Advisory
CPE cpe:2.3:a:travianz_project:travianz:8.3.3:-:*:*:*:*:*:*
cpe:2.3:a:travianz_project:travianz:8.3.4:*:*:*:*:*:*:*
CWE CWE-338
First Time Travianz Project travianz
Travianz Project
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

07 Jul 2023, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-07 19:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-36993

Mitre link : CVE-2023-36993

CVE.ORG link : CVE-2023-36993


JSON object : View

Products Affected

travianz_project

  • travianz
CWE
CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)