Vulnerability Details : CVE-2016-3735
Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This low an unauthenticated attacker to take over an account providing they know an administrators email address in order to be able to request password reset.
Products affected by CVE-2016-3735
- cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-3735
0.44%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-3735
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
CWE ids for CVE-2016-3735
-
The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2016-3735
-
https://github.com/Piwigo/Piwigo/issues/470,
Issues · Piwigo/Piwigo · GitHubBroken Link
-
http://piwigo.org/release-2.8.1,
Broken Link
-
https://github.com/Piwigo/Piwigo/commit/f51ee90c66527fd7ff634f3e8d414cb670da068d
bug #470, use a dedicated lib to generate random bytes · Piwigo/Piwigo@f51ee90 · GitHubPatch;Third Party Advisory
Jump to