Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–9999) results in only 9000 possible combinations. This small keyspace makes the OTP highly vulnerable to brute-force attacks, especially in the absence of strong rate-limiting or lockout mechanisms. Version 1.0.1 fixes the issue.
Metrics
Affected Vendors & Products
References
History
Fri, 23 May 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 22 May 2025 20:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–9999) results in only 9000 possible combinations. This small keyspace makes the OTP highly vulnerable to brute-force attacks, especially in the absence of strong rate-limiting or lockout mechanisms. Version 1.0.1 fixes the issue. | |
Title | Schule Has Insecure OTP Length, is Susceptible to Brute-Force Attacks | |
Weaknesses | CWE-521 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: GitHub_M
Published: 2025-05-22T20:38:02.463Z
Updated: 2025-05-23T13:56:37.894Z
Reserved: 2025-05-19T15:46:00.395Z
Link: CVE-2025-48372

Updated: 2025-05-23T13:56:31.257Z

Status : Awaiting Analysis
Published: 2025-05-22T21:15:36.640
Modified: 2025-05-23T15:54:42.643
Link: CVE-2025-48372

No data.