CVE-2023-36993

9.8 CRITICAL

📋 TL;DR

CVE-2023-36993 is a critical vulnerability in TravianZ game servers where the password reset function uses a cryptographically insecure random number generator. This allows attackers to predict password reset tokens and take over user accounts. All TravianZ servers running affected versions are vulnerable.

💻 Affected Systems

Products:
  • TravianZ
Versions: 8.3.3 and 8.3.4
Operating Systems: Any OS running TravianZ
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of all user accounts, including administrator accounts, leading to data theft, account hijacking, and server takeover.

🟠 Likely Case: Targeted account takeover of specific users, potentially including administrators, leading to privilege escalation and data compromise.

🟢 If Mitigated: Limited impact with proper monitoring and rate limiting, though the vulnerability remains exploitable.

🌐 Internet-Facing: HIGH - Password reset functionality is typically internet-facing and accessible without authentication.
🏢 Internal Only: LOW - This vulnerability primarily affects internet-facing authentication systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires predicting or brute-forcing weak random values used in password reset tokens.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a secure fork or implementing custom fixes.

🔧 Temporary Workarounds

Disable Password Reset Function (applies to: all)

Temporarily disable the vulnerable password reset functionality until a proper fix is implemented.

# Edit TravianZ configuration to disable password reset

Implement Rate Limiting (applies to: all)

Add rate limiting to password reset requests to make brute-force attacks impractical.

# Configure web server or application rate limiting for /password-reset endpoints

🧯 If You Can't Patch

  • Implement strong network-level rate limiting on password reset endpoints
  • Monitor for unusual patterns of password reset requests and failed attempts

🔍 How to Verify

Check if Vulnerable:

Check if running TravianZ version 8.3.3 or 8.3.4 by examining version files or configuration.

Check Version:

grep -r 'version' /path/to/travianz/

or check the configuration files.

Verify Fix Applied:

Verify that password reset tokens are generated using cryptographically secure random functions (e.g., PHP's random_bytes() or openssl_random_pseudo_bytes()).
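The properties a fixed reset flow should have (token drawn from the OS CSPRNG, stored only as a digest, time-limited, single-use, compared in constant time) are shown below as an added example; this is not TravianZ code and the page does not describe the project's own implementation. It is written in Python for illustration; the PHP equivalent of the token source, as the page itself notes, is bin2hex(random_bytes(32)). The in-memory store, the 15-minute lifetime and the user ids are assumptions of the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

TOKEN_TTL_SECONDS = 15 * 60  # assumed policy: reset links expire after 15 minutes


def _hash_token(token: str) -> str:
    # Persist only a digest, so a leaked table does not hand out live reset links.
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def issue_reset_token(store: dict, user_id: str, now: Optional[float] = None) -> str:
    """Create a reset token for user_id and record its digest and expiry in store.

    secrets.token_urlsafe reads from the OS CSPRNG (os.urandom); unlike a seeded
    PRNG, earlier tokens give no information about later ones.
    """
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits of entropy, 43 URL-safe characters
    store[user_id] = {"digest": _hash_token(token), "expires": now + TOKEN_TTL_SECONDS}
    return token


def consume_reset_token(store: dict, user_id: str, presented: str,
                        now: Optional[float] = None) -> bool:
    """Return True exactly once for a valid, unexpired token.

    The record is removed on success or expiry. A mismatch leaves it in place so a
    wrong guess cannot cancel a legitimate user's pending reset; guess volume is the
    job of the rate limiting the advisory recommends.
    """
    now = time.time() if now is None else now
    record = store.get(user_id)
    if record is None:
        return False
    if now > record["expires"]:
        del store[user_id]
        return False
    # compare_digest runs in time independent of where the inputs first differ.
    if not hmac.compare_digest(record["digest"], _hash_token(presented)):
        return False
    del store[user_id]  # single use
    return True


if __name__ == "__main__":
    # Constructed walk-through: issue, reject a wrong token, accept once, reject reuse.
    pending = {}
    link_token = issue_reset_token(pending, "example-user", now=1000.0)
    print(consume_reset_token(pending, "example-user", "not-the-token", now=1001.0))
    print(consume_reset_token(pending, "example-user", link_token, now=1001.0))
    print(consume_reset_token(pending, "example-user", link_token, now=1002.0))
```

When reviewing a fork or custom fix against the advisory, the three things to check in the reset code path are the entropy source, whether the token (rather than its digest) is stored, and whether a token survives its first successful use.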

📡 Detection & Monitoring

Log Indicators:

  • Unusual volume of password reset requests
  • Multiple failed password reset attempts from a single IP

Network Indicators:

  • High frequency requests to password reset endpoints
  • Patterns of sequential or predictable reset tokens

SIEM Query:

source="web_logs" AND (url="*/password-reset*" OR url="*/lostpassword*") | stats count by src_ip | where count > 10
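The same threshold as the SIEM query above, applied offline to web server access logs, is shown below as an added example (not part of this advisory). It parses combined-format log lines, counts requests whose path matches the page's /password-reset and /lostpassword patterns, and flags any source IP exceeding 10 such requests inside a sliding window. The sample log lines, the 10-minute window and the request paths are constructed for the example; TravianZ's real reset endpoint path is not stated on the page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format as written by nginx/Apache by default.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Path patterns mirror the advisory's SIEM query (*/password-reset* OR */lostpassword*).
RESET_PATH_RE = re.compile(r"/(password-reset|lostpassword)", re.IGNORECASE)
THRESHOLD = 10  # same cut-off as the SIEM query: count > 10


def parse_line(line):
    """Return (ip, timestamp, path) for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path")


def flag_reset_abusers(lines, window=timedelta(minutes=10), threshold=THRESHOLD):
    """Return {ip: peak_count} for IPs that sent more than `threshold` reset requests
    within any `window`-long span. Non-matching and unparseable lines are ignored."""
    per_ip = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, path = parsed
        if RESET_PATH_RE.search(path):
            per_ip[ip].append(ts)

    flagged = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # Slide the window start forward until it spans at most `window`.
            while stamps[end] - stamps[start] > window:
                start += 1
            hits = end - start + 1
            if hits > threshold:
                flagged[ip] = max(flagged.get(ip, 0), hits)
    return flagged


# Constructed sample: one client hammers the reset form, another uses it normally.
SAMPLE_LOG = [
    f'203.0.113.5 - - [01/Jul/2023:12:00:{i:02d} +0000] "POST /lostpassword.php HTTP/1.1" 200 512 "-" "curl/8.1"'
    for i in range(12)
] + [
    '198.51.100.7 - - [01/Jul/2023:12:03:10 +0000] "GET /lostpassword.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jul/2023:12:03:40 +0000] "POST /lostpassword.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jul/2023:12:04:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, count in flag_reset_abusers(SAMPLE_LOG).items():
        print(f"{ip}: {count} reset requests within 10 minutes")
```

A sliding window catches bursts that a fixed per-hour bucket would split in two; tune the window and threshold to the site's normal reset volume before alerting on it.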
