CVE-2020-14423

Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOS_LOCAL_SECRET value, affecting password resets and invitations.
Configurations

Configuration 1

cpe:2.3:a:convos:convos:*:*:*:*:*:*:*:*

Information

Published : 2020-06-18 02:15

Updated : 2020-06-29 06:18


NVD link : CVE-2020-14423

Mitre link : CVE-2020-14423

Products Affected
No products.
CWE