An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and brute force the salt offline, leading to forging a legitimate password recovery code for the admin user.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| wwbn/avideo(Packagist) | 0 | N/A | N/A |
CVSS Metrics
