YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5.
The system generates a password reset key using a weak cryptographic algorithm (CWE-327) combined with a hardcoded salt, which significantly limits the range of possible values and facilitates its recovery. An attacker with access to the generated key hash can reverse it or guess it using brute force or based on knowledge of the fixed salt. After recovering the key, it is possible to initiate a password reset procedure for any user account, including administrator accounts.
An unauthenticated attacker can take over any account in the YesWiki system, including accounts with administrator privileges, leading to complete compromise of the wiki instance and potentially resulting in data breach, modification, or deletion.
YesWiki should be updated to version 4.4.5 or later, where the issue has been fixed. Patch details are available in commits b5a8f93b87720d5d5f033a4b3a131ce0fb621dbc and e1285709f6f6a2277bd0075acf369f33cefd78f7 in the vendor's repository.
YesWiki in all versions before 4.4.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:LYeswiki
APPYeswiki< 4.4.5
Related vulnerabilities
YesWiki — pominięcie uwierzytelnienia przy tworzeniu i pobieraniu kopii zapasowej
YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user en...
YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists i...
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the...
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enab...