Lucene search

CyberDanubeCVELIST:CVE-2024-42163

HistoryAug 12, 2024 - 11:21 a.m.

CVE-2024-42163 Password Manipulation

2024-08-1211:21:54

CWE-326

CyberDanube

www.cve.org

cve-2024-42163

password manipulation

insufficient random values

fiware keyrock

account takeover

predicting token

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

EPSS

0.001

Percentile

20.1%

JSON

Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "FIWARE Keyrock",
    "vendor": "FIWARE",
    "versions": [
      {
        "lessThanOrEqual": "8.4",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.ait.ac.at/themen/cyber-security/pentesting/security-advisories

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

EPSS

0.001

Percentile

20.1%

JSON

Related for CVELIST:CVE-2024-42163