Skip to content

ruthvikvegunta/openCRX-CVE-2020-7378

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits

images

images

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

openCRXreset.py

openCRXreset.py

 
 

openCRXtimeGen.java

openCRXtimeGen.java

 
 

Repository files navigation

openCRX-CVE-2020-7378 (Unauthenticated Account Take Over)

Exploits Password Reset Vulnerability in OpenCRX, CVE-2020-7378.

A Stealthy Python Implentation for CVE-2020-7378

Exploit is because, the developers used Random Class from java.util.Random to generate random tokens in order to reset a users password

Instead they should be using the SecureRandom Class from java.security.SecureRandom to generate random tokens

Tested on v4.2.0, but should also work for other versions reported in the disclosure report of CVE-2020-7378

Usage

./openCRXreset.py -u <URL> -user <USERNAME> -pass <PASSWORD>

Features

  • Uses python rich library to display a robust output

  • Deletes all the temporarily created files locally as part of the script

  • Deletes only the password reset mails generated by the script in order to maintain stealth

About

Exploits Password Reset Vulnerability in OpenCRX, CVE-2020-7378. Also maintains Stealth by deleting all the password reset mails created by the script

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages