Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality.

Related CVEs

CVE-2019-5440

Key Information

GHSA ID

GHSA-38m3-mrrg-hx5g

Published

May 24, 2022 4:46 PM

Last Modified

April 4, 2024 12:49 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.