account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack.
Threat-Mapped Scoring
Score: 3.25
Priority: P2 - Serious (High)
S1 – Steal Customer Account Information
S9 – Sabotage of System/App (+0.25 bonus)
EPSS
Score: 0.09288Percentile:
0.92373
CVSS Scoring
CVSS v3.1 Score: 7.5
Severity: HIGH
Mapped CWE(s)
CWE-330
: Use of Insufficiently Random Values
All CAPEC(s)
CAPEC-112 : Brute Force
CAPEC-485 : Signature Spoofing by Key Recreation
CAPEC-59 : Session Credential Falsification through Prediction
CAPEC(s) with Mapped TTPs
CAPEC-112 : Brute Force
Mapped TTPs:
CAPEC-485 : Signature Spoofing by Key Recreation
Mapped TTPs:
Mapped ATT&CK TTPs
T1110
: Brute Force
Kill Chain: credential-access
T1552.004
: Private Keys
Kill Chain: credential-access
Malware
APTs Threat Group Associations
Campaigns
Operation Wocao SolarWinds Compromise 2016 Ukraine Electric Power Attack Operation Dream Job
Affected Products
cpe:2.3:a:torrenttrader_project:torrenttrader:1.09:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me