History: Jun 24, 2024 - 7:11 a.m.

CVE-2024-24554 Bludit - Insecure Token Generation

2024-06-24 07:11:36
CWE-338
CWE-287
NCSC.ch
www.cve.org
bludit
predictable methods
md5 hashing algorithm
sensitive tokens
api token
user token
authentication
cve-2024-24554

CVSS4: 6 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/SC:N/VI:H/SI:N/VA:N/SA:N

EPSS: 0.0004 Low
Percentile: 9.1%

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.

CNA Affected

[
  {
    "collectionURL": "https://www.bludit.com/",
    "defaultStatus": "unaffected",
    "packageName": "Bludit",
    "platforms": [
      "Linux",
      "Windows",
      "MacOS"
    ],
    "product": "Bludit",
    "repo": "https://github.com/bludit/bludit/",
    "vendor": "Bludit",
    "versions": [
      {
        "status": "affected",
        "version": "2.0"
      }
    ]
  }
]
