How severe is CVE-2017-18486?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2017-18486?

This is classified as CWE-332, which is a common weakness in software security.

CVE-2017-18486 - HIGH Severity | CVSS 7.2

Vulnerability Description

Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user.

Related Vulnerabilities

CVE-2014-9690

HIGH

CVSS:7.5(High)

Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator...

CWE-3322014

CVE-2016-10743

HIGH

CVSS:7.5(High)

hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.

CWE-3322016

CVE-2016-9154

HIGH

CVSS:7.5(High)

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modul...

CWE-3322016

CVE-2019-1715

HIGH

CVSS:7.5(High)

A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threa...

CWE-3322019

CVE-2017-9371

MEDIUM

CVSS:5.9(Medium)

In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able ...

CWE-3322017

CVE-2023-20107

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Def...

CWE-3322023