An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and brute force the salt offline, leading to forging a legitimate password recovery code for the admin user.
The salt generation mechanism used in password recovery is characterized by insufficient entropy. An attacker can gather information about the system through a series of crafted HTTP requests, then perform an offline brute force attack on the salt. After reproducing the salt, it is possible to generate a valid password recovery code for the administrator account without user interaction or possessing any privileges.
Successful exploitation of this vulnerability enables complete takeover of the application administrator account (privilege escalation), resulting in loss of confidentiality, integrity, and system availability.
Apply patches available from the vendor according to the references. Details available in Cisco Talos report: TALOS-2023-1900.
WWBN AVideo dev master commit 15fed957fb
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWwbn Avideo
APPWwbn15fed957fb
Related vulnerabilities
WWBN AVideo — niekompletna naprawa command injection w test.php
WWBN AVideo: RCE przez eval() w pluginie YPTSocket — przejęcie kont
WWBN AVideo: hasła do filmów przechowywane w bazie jako plaintext
SQL Injection w WWBN AVideo — mechanizm uwierzytelniania RTMP
SSRF w WWBN AVideo — brak walidacji parametru URL w saveDVR.json.php