Home > Vulnerability Database > CVE-2023-36993

Mend.io Vulnerability Database

CVE-2023-36993

Date: July 7, 2023

The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset.parameters and to take over accounts.

Language: PHP

Severity Score

9.8

Related Resources (3)

Url: https://bramdoessecurity.com/travianz-hacked/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-36993

Url: https://www.mend.io/vulnerability-database/CVE-2023-36993

Severity Score

9.8

Weakness Type (CWE)

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CWE-338

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-36993

Date: July 7, 2023

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?