Lucene search
K

6 matches found

CVE
CVE
added 2025/01/02 4:8 p.m.70 views

CVE-2024-11717

CTFd (CTFd project) is affected by CVE-2024-11717. Tokens used for account activation and password resets are interchangeable and are transmitted as GET parameters; tokens are not single-use and can be reused within the expiration window, enabling an on-path attacker to reset a password and take ...

6.3CVSS7.2AI score0.0064EPSS
Exploits0References6
CNVD
CNVD
added 2024/08/29 12:0 a.m.6 views

FIWARE Keyrock Encryption Issue Vulnerability

FIWARE Keyrock is a FIWARE open source component responsible for identity management. A cryptographic vulnerability exists in FIWARE Keyrock 8.4 and prior versions, which arises from a predictable random value for user-created activation tokens that can be exploited by an attacker to predict...

6.3CVSS6.7AI score0.00359EPSS
Exploits1References1
OSV
OSV
added 2024/08/12 1:38 p.m.10 views

CVE-2024-42165

Insufficiently random values for generating activation token in FIWARE Keyrock = 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link...

5.4CVSS6.9AI score
Exploits0References1
CVE
CVE
added 2024/08/12 11:33 a.m.60 views

CVE-2024-42165

FIWARE Keyrock crypto issue: activation tokens are generated from insufficiently random values in Keyrock ≤ 8.4, enabling an attacker to predict activation tokens and activate arbitrary user accounts. Several connected sources (Red Hat, CNVD/CNNVD mirrors, OSV, CVE records) corroborate the vulner...

6.3CVSS6.4AI score0.00359EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/08/12 12:0 a.m.8 views

FIWARE Keyrock 安全漏洞

FIWARE Keyrock is a FIWARE open source component responsible for identity management. A cryptographic vulnerability exists in FIWARE Keyrock 8.4 and prior versions, which arises from a predictable random value for user-created activation tokens that can be exploited by an attacker to predict...

6.3CVSS6.8AI score0.00359EPSS
Exploits1References2
Hacker One
Hacker One
added 2017/04/24 9:27 a.m.17 views

Weblate: Activation tokens are not expiring

Hi Team, Domain: demo.weblate.org In this bug, maybe it is low risk but i have found a way to login any person to the attackers account, therefor when any user login to attackers account, the attacker can see the users activity on attackers account. The issue relies on the password reset. Stes to...

1.2AI score
Exploits0
Rows per page
Query Builder