oss-sec mailing list archives
CVE requests - Contact Form 7, eZPublish (EZSA-2015-001), Prestashop
From: us3r777 <us3r777 () n0b0 so>
Date: Tue, 22 Sep 2015 18:51:01 +0200
Hi,

Could a CVE please be assigned to these issues?

Issue 1:
Software: Contact Form 7 (WordPress plugin)
Type of vulnerability: The Captcha is predictable using seed recovery attack (mt_rand)
Exploitation vectors: The plugin uses the output of the mt_rand() function as a prefix for the Captcha filename. These outputs can be used to recover the initial seed, which can be used to predict the content of the Captcha.
Attack outcome: The captcha functionality can be totally bypassed.
Patch: https://github.com/wp-plugins/contact-form-7/commit/6e75a825829b00c2f645acc67ea14ccfd7e54ceb
Bug entry: N/A
Security advisory: http://contactform7.com/2015/03/14/contact-form-7-411/
Affected versions: Contact Form 7 < 4.1.1
Fixed versions: Contact Form 7 4.1.1 or higher
Already requested: Yes, via cve-assign () mitre org, I never got any answer
Open source software request.

Issue 2:
Software: eZPublish
Type of vulnerability: Password recovery token predictable using seed recovery attack.
Exploitation vectors: Using a valid user account, a malicious user can get outputs from mt_rand and predict another user's token.
Attack outcome: A malicious user can get access to other users' accounts.
Patch: https://github.com/ezsystems/ezpublish-legacy/commit/5908d5ee65fec61ce0e321d586530461a210bf2a
Bug entry: https://jira.ez.no/browse/EZP-24140 (not public)
Security advisory: http://share.ez.no/community-project/security-advisories/ezsa-2015-001-potential-vulnerability-in-ez-publish-password-recovery (partially public)
Affected versions: 4.5.0, 4.6.0, 4.7.0, 5.0, 5.1, 5.2, 2015.01, 5.3.4, 5.4.1.1
Fixed versions: 4.5 Maintenance, 4.6 Maintenance, 4.7 Maintenance, 5.0 Maintenance, 5.1 Maintenance, 5.2 Maintenance, 5.3.5, 5.4.2, 2015.03
Already requested: Yes, via cve-assign () mitre org, I never got any answer
Open source software request.

Issue 3:
Software: Prestashop
Type of vulnerability: Password recovery token predictable using seed recovery attack.
Exploitation vectors: Using a valid user account, a malicious user can get outputs from mt_rand and predict another user's token and generated password.
Attack outcome: A malicious user can get access to other users' accounts.
Patch: https://github.com/PrestaShop/PrestaShop/commit/dcb1f8000ecf47437593373091ae56c4ffdf42ac
Bug entry: N/A
Security advisory: https://www.prestashop.com/blog/en/prestashop-security-release/
Affected versions: 1.4.x, 1.5.x, and 1.6.x up to 1.6.0.14.
Fixed versions: 1.4.11.1, 1.5.6.3 and 1.6.1.0
Already requested: Yes, via cve-assign () mitre org, I never got any answer
Open source software request.

If you have any questions regarding this request, please do not hesitate to contact me.

Gratefully,
Vincent Herbulot
@us3r777
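Added example, not part of the original message and not code from any project named in it: a small audit helper for the bug class reported above, listing calls to predictable PHP random sources (mt_rand() and similar) in a source file so that token and captcha code can be moved to a CSPRNG. The function list, the suggested replacements and the sample PHP are assumptions constructed for illustration.

```python
import re

# Predictable PHP sources that must not feed tokens, passwords or captcha names.
# Suggested replacements assume PHP 7+ (random_int/random_bytes use the OS CSPRNG).
WEAK_SOURCES = {
    "mt_rand": "random_int()",
    "rand": "random_int()",
    "mt_srand": "remove manual seeding",
    "srand": "remove manual seeding",
    "uniqid": "bin2hex(random_bytes(16))",
    "lcg_value": "random_int()",
    "str_shuffle": "random_bytes()-based generation",
    "array_rand": "random_int() index",
}

# Blank out comments and quoted strings (heredocs are not handled) so that
# text which merely mentions mt_rand() is not reported.
_NOISE = re.compile(
    r"/\*.*?\*/|//[^\n]*|#[^\n]*|'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\"",
    re.DOTALL,
)
# Plain function calls only: skip ->rand(), ::rand(), $rand() and my_rand().
_CALL = re.compile(r"(?<![\w>$:])(" + "|".join(WEAK_SOURCES) + r")\s*\(")

def find_weak_randomness(php_source):
    """Return (line_number, function, suggestion) for each predictable-PRNG call."""
    cleaned = _NOISE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), php_source)
    findings = []
    for m in _CALL.finditer(cleaned):
        line = cleaned.count("\n", 0, m.start()) + 1  # newlines are preserved
        findings.append((line, m.group(1), WEAK_SOURCES[m.group(1)]))
    return findings

# Constructed sample input, not code from Contact Form 7, eZPublish or Prestashop.
SAMPLE = r'''<?php
// Constructed sample for the audit helper.
function reset_token($user) {
    // mt_rand() used to be here
    $note = "do not use mt_rand() for tokens";
    return md5($user . mt_rand() . uniqid());
}
function captcha_prefix() { return mt_rand(); }
function safe_token() { return bin2hex(random_bytes(16)); }
$picker->rand(1, 6);
'''

if __name__ == "__main__":
    for line, func, fix in find_weak_randomness(SAMPLE):
        print(f"line {line}: {func}() is predictable; use {fix}")
```

Each finding still needs a manual look: a call that only drives non-security behaviour (for example, picking a banner) does not need a CSPRNG.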