CyberSec.Space Logo
Back to CVE Browser

CVE-2006-5474

HIGH
7.5
CVSS Severity Score
EPSS Score0.0780%
EPSS Percentile33.11th
PublishedOct 24, 2006
Last ModifiedApr 23, 2026

Vulnerability Description

The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset.

Affected Platforms (CPE)

πŸ“¦
Oneorzero

Oneorzero Helpdesk

<= 1.6.5.3
πŸ“¦
Oneorzero

Oneorzero Helpdesk

= 1.6
πŸ“¦
Oneorzero

Oneorzero Helpdesk

= 1.6.3
πŸ“¦
Oneorzero

Oneorzero Helpdesk

= 1.6.4

References & Advisories

πŸ”— http://oneorzero.com/downloads/release_notes/Current_Release_notes.html
πŸ”— http://secunia.com/advisories/22476
πŸ”— http://securityreason.com/securityalert/1767
πŸ”— http://www.securityfocus.com/archive/1/449352/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/20651
πŸ”— http://www.whitedust.net/speaks/3043/
πŸ”— http://oneorzero.com/downloads/release_notes/Current_Release_notes.html
πŸ”— http://secunia.com/advisories/22476

Related Vulnerabilities

CVE-2009-08865.0

Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary...

CVE-2007-57274.3

Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...