Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism.
This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account.
This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0.
Users are recommended to upgrade to version 0.95.0, which fixes the issue.
[
  {
    "defaultStatus": "unaffected",
    "packageName": "streampipes-user-management",
    "product": "Apache StreamPipes",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "0.93.0",
        "status": "affected",
        "version": "0.69.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "streampipes-model",
    "product": "Apache StreamPipes",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "0.93.0",
        "status": "affected",
        "version": "0.69.0",
        "versionType": "maven"
      }
    ]
  }
]
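
An added example, not part of the advisory or of the StreamPipes project: a Python check that evaluates the affected-version ranges listed above against the package versions found in a deployment. The function names and the sample inventory are assumptions for illustration, and versions are assumed to be plain dotted numbers.

```python
import json

# Range data taken from the advisory's "affected" block (fields trimmed to those used).
AFFECTED = json.loads("""
[
  {"defaultStatus": "unaffected", "packageName": "streampipes-user-management",
   "versions": [{"version": "0.69.0", "lessThanOrEqual": "0.93.0", "status": "affected"}]},
  {"defaultStatus": "unaffected", "packageName": "streampipes-model",
   "versions": [{"version": "0.69.0", "lessThanOrEqual": "0.93.0", "status": "affected"}]}
]
""")

def parse_version(text):
    """Turn '0.93.0' into (0, 93). Assumption: dotted numeric releases only;
    qualifiers such as '-SNAPSHOT' are rejected rather than guessed at."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    nums = [int(p) for p in parts]
    while len(nums) > 1 and nums[-1] == 0:   # so '0.93' and '0.93.0' compare equal
        nums.pop()
    return tuple(nums)

def status_for(package, installed):
    """Return 'affected' or 'unaffected' for one installed package version."""
    have = parse_version(installed)
    for entry in AFFECTED:
        if entry["packageName"] != package:
            continue
        for rng in entry["versions"]:
            low = parse_version(rng["version"])
            if "lessThanOrEqual" in rng:
                hit = low <= have <= parse_version(rng["lessThanOrEqual"])
            elif "lessThan" in rng:
                hit = low <= have < parse_version(rng["lessThan"])
            else:
                hit = have == low            # single-version entry
            if hit:
                return rng["status"]
        return entry["defaultStatus"]        # outside every listed range
    raise KeyError(f"package not listed in the advisory: {package}")

def audit(inventory):
    """Map each package in a {name: version} inventory to its status."""
    return {pkg: status_for(pkg, ver) for pkg, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed inventory, as might be read from a dependency report.
    print(audit({"streampipes-user-management": "0.92.0",
                 "streampipes-model": "0.95.0"}))
```

A version string the parser rejects raises ValueError, so an unparseable entry is surfaced for manual review instead of being reported as unaffected.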