Critical severity9.8NVD Advisory· Published Jan 2, 2018· Updated Jun 17, 2026
CVE-2017-17097
CVE-2017-17097
Description
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: 2.x
Patches
Vulnerability mechanics
References
3- gist.github.com/pak0s/ea7a80c2614d9cd43cfb8230c65c9fecnvdPatchThird Party Advisory
- www.exploit-db.com/exploits/43431/nvdExploitThird Party AdvisoryVDB Entry
- s1.gps-server.net/changelog.txtnvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.