CVE-2016-2564 — Insufficient Entropy in Invision Power Board

CWE-331 — Insufficient Entropy CWE-704 — Incorrect Type Conversion or Cast CWE-338 — Use of Cryptographically Weak Pseudo-Random Number Generator CWE-125 — Out-of-bounds Read CWE-416 — Use After Free CWE-200 — Sensitive Information Exposure24 documents5 sources

Severity

5.9MEDIUMNVD

EPSS

0.3%

top 46.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Invisioncommunity Invision Power Board

Timeline

PublishedApr 23

Latest updateMay 13

Description

Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

▶NVDinvisioncommunity/invision_power_board4.1.8.1

🔴Vulnerability Details

GHSA

GHSA-w6pf-cx8p-259q: Invision Power Services (IPS) Community Suite before 4↗2022-05-13

▶

CVEList

CVE-2016-2564: Invision Power Services (IPS) Community Suite before 4↗2017-04-23

▶

📋Vendor Advisories

Red Hat

chromium-browser: same-origin bypass in Blink and Sandbox escape in Chrome↗2016-02-18

▶

Red Hat

chromium-browser: various fixes from internal audits↗2016-02-09

▶

Red Hat

chromium-browser: same-origin bypass in DOM↗2016-02-09

▶

Red Hat

chromium-browser: same-origin bypass in Extensions↗2016-02-09

▶

Red Hat

chromium-browser: out-of-bounds read in PDFium↗2016-02-09

▶

💬Community

Bugzilla

CVE-2016-2051 chromium-browser: Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17↗2016-01-25

▶