class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-12-30T17:00:02

Updated: 2024-08-05T02:25:12.656Z

Reserved: 2019-12-11T00:00:00

Link: CVE-2019-19735

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-12-30T17:15:20.203

Modified: 2024-11-21T04:35:16.900

Link: CVE-2019-19735

cve-icon Redhat

No data.