CRITICAL
Froxlor
CVE published 2017-02-13
CVE-2016-5100
CVE-2016-5100 is a critical authentication weakness in Froxlor versions before 0.9.35. The issue stems from the use of PHP's rand() function to generate random numbers when creating password reset tokens, which can make tokens easier to predict. Because password reset flows are security-sensitive, this can expose accounts to unauthorized takeover if an attacker can guess a valid token.
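The weakness class described above, as an added illustration that is not Froxlor's code and not part of the advisory: a reset token derived from rand() beside one drawn from PHP's CSPRNG, random_bytes(), with the token stored only as a hash, given an expiry, and compared in constant time. The function names, the in-memory $store array and the 30-minute lifetime are assumptions.

```php
<?php
declare(strict_types=1);

// Weak pattern (illustrative only, not Froxlor's source): rand() is a
// non-cryptographic PRNG, so a token derived from it can be predictable.
function weakResetToken(): string
{
    return md5((string) rand());
}

// Hardened: 32 bytes from the OS CSPRNG, hex-encoded for use in a URL.
function strongResetToken(): string
{
    return bin2hex(random_bytes(32));
}

// Issue a token, keeping only its SHA-256 hash and an expiry server-side.
// $store is a hypothetical stand-in for a database table.
function issueReset(array &$store, string $user, int $ttl = 1800): string
{
    $token = strongResetToken();
    $store[$user] = [
        'hash'    => hash('sha256', $token),
        'expires' => time() + $ttl,
    ];
    return $token; // delivered to the user out of band, never logged
}

// Redeem a token: expiry check, constant-time comparison, single use.
function redeemReset(array &$store, string $user, string $token): bool
{
    $entry = $store[$user] ?? null;
    if ($entry === null || time() > $entry['expires']) {
        unset($store[$user]); // drop expired entries
        return false;
    }
    if (!hash_equals($entry['hash'], hash('sha256', $token))) {
        return false;
    }
    unset($store[$user]); // a token is valid exactly once
    return true;
}

// Constructed demo: the first redemption succeeds, the replay fails.
$store = [];
$token = issueReset($store, 'alice');
var_dump(redeemReset($store, 'alice', $token));
var_dump(redeemReset($store, 'alice', $token));
```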