Unrated severityNVD Advisory· Published Oct 24, 2006· Updated Apr 23, 2026

CVE-2006-5474

Description

The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset.

Affected products

Oneorzero/Oneorzero Helpdesk4 versions
cpe:2.3:a:oneorzero:oneorzero_helpdesk:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:oneorzero:oneorzero_helpdesk:*:*:*:*:*:*:*:*range: <=1.6.5.3
- cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

oneorzero.com/downloads/release_notes/Current_Release_notes.htmlnvdPatch
www.whitedust.net/speaks/3043/nvdExploitVendor Advisory
secunia.com/advisories/22476nvdVendor Advisory
securityreason.com/securityalert/1767nvd
www.securityfocus.com/archive/1/449352/100/0/threadednvd
www.securityfocus.com/bid/20651nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000