Description
The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.
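The weakness described above, as an added example (not Cherokee's code and not from the original page): `weak_password` is a constructed stand-in that seeds `rand()` from time and PID, and `strong_password` is one hardened alternative that draws from the Linux kernel CSPRNG via `getrandom()`. The function names, the alphabet and the 16-character length are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/random.h>   /* getrandom(), Linux glibc >= 2.25 */
#include <time.h>
#include <unistd.h>

#define PW_LEN 16
static const char ALPHABET[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

/* WEAK (hypothetical stand-in): the whole password is a pure function of the
 * seed, and the seed comes from values a local user can observe or bound. */
void weak_password(unsigned int seed, char out[PW_LEN + 1]) {
    srand(seed);
    for (int i = 0; i < PW_LEN; i++)
        out[i] = ALPHABET[rand() % (sizeof ALPHABET - 1)];
    out[PW_LEN] = '\0';
}

/* HARDENED: every character comes from the kernel CSPRNG; rejection sampling
 * removes modulo bias (62 does not divide 256). Returns 0 on success. */
int strong_password(char out[PW_LEN + 1]) {
    const unsigned n = sizeof ALPHABET - 1;      /* 62 symbols */
    const unsigned limit = 256 - (256 % n);      /* 248: largest multiple of 62 */
    int i = 0;
    while (i < PW_LEN) {
        unsigned char buf[32];
        if (getrandom(buf, sizeof buf, 0) != (ssize_t)sizeof buf)
            return -1;                           /* fail closed, never fall back to rand() */
        for (size_t j = 0; j < sizeof buf && i < PW_LEN; j++)
            if (buf[j] < limit)
                out[i++] = ALPHABET[buf[j] % n];
    }
    out[PW_LEN] = '\0';
    return 0;
}

int main(void) {
    char a[PW_LEN + 1], b[PW_LEN + 1], c[PW_LEN + 1];
    unsigned int seed = (unsigned int)time(NULL) ^ (unsigned int)getpid();
    weak_password(seed, a);
    weak_password(seed, b);                      /* same seed, same password */
    if (strong_password(c) != 0) return 1;
    printf("weak repeatable: %s\nstrong: %s\n", strcmp(a, b) == 0 ? "yes" : "no", c);
    return 0;
}
```

The weak variant's output space is bounded by the seed rather than by the password length, which is why the hardened variant takes no seed at all.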
Remediation
References