CVE-2018-18326

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-18326

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18326.json

Aliases

GHSA-xx3h-j3cx-8qfj

Published

2019-07-03T17:15:10Z

Modified

2023-11-29T06:30:44.644157Z

Details

DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.

References

http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
https://www.dnnsoftware.com/community/security/security-center
https://github.com/dnnsoftware/Dnn.Platform/releases

Affected packages

Git / github.com/dnnsoftware/dnn.platform

Affected ranges

Type: GIT
Repo: https://github.com/dnnsoftware/dnn.platform
Events: Introduced

230f949b98ef1f4d456dbd891f21b4f5ffdf6bb9

Last affected

7c9e2504f8e3c4f646c2a457f4d786629f1af5a0

Affected versions

v9.*

v9.2.0

v9.2.2

v9.2.2-rc0

v9.2.2-rc1

v9.2.2-rc2

v9.2.2-rc3