Lucene search

[email protected]NVD:CVE-2024-42164

HistoryAug 12, 2024 - 1:38 p.m.

CVE-2024-42164

2024-08-1213:38:32

CWE-330

CWE-287

[email protected]

web.nvd.nist.gov

fiware

keyrock

password reset

insufficiently random

two factor authorization

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

Percentile

14.7%

JSON

Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link.

Affected configurations

Nvd

Node

fiwarekeyrockRange≤8.4

VendorProductVersionCPE
fiwarekeyrock*cpe:2.3:a:fiware:keyrock:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fiware	keyrock	*	cpe:2.3:a:fiware:keyrock::::::::

References

www.ait.ac.at/themen/cyber-security/pentesting/security-advisories

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

Percentile

14.7%

JSON

Related for NVD:CVE-2024-42164

cvelist1 vulnrichment1 osv1 cve1