The reset password token is generated without any randomness parameter.
Fixed in 2.7.8, 3.0.2-1
Many thanks to @Blaklis / Daniel Le Gall for his reports !
If you have any questions or comments about this advisory: Email us at itop-security@combodo.com
Impact
The reset password token is generated without any randomness parameter.
Patches
Fixed in 2.7.8, 3.0.2-1
References
Credits
Many thanks to @Blaklis / Daniel Le Gall for his reports !
For more information
If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com