6 matches found
CVE-2024-11717
CTFd (CTFd project) is affected by CVE-2024-11717. Tokens used for account activation and password resets are interchangeable and are transmitted as GET parameters; tokens are not single-use and can be reused within the expiration window, enabling an on-path attacker to reset a password and take ...
FIWARE Keyrock Encryption Issue Vulnerability
FIWARE Keyrock is a FIWARE open source component responsible for identity management. A cryptographic vulnerability exists in FIWARE Keyrock 8.4 and prior versions, which arises from a predictable random value for user-created activation tokens that can be exploited by an attacker to predict...
CVE-2024-42165
Insufficiently random values for generating activation token in FIWARE Keyrock = 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link...
CVE-2024-42165
FIWARE Keyrock crypto issue: activation tokens are generated from insufficiently random values in Keyrock ≤ 8.4, enabling an attacker to predict activation tokens and activate arbitrary user accounts. Several connected sources (Red Hat, CNVD/CNNVD mirrors, OSV, CVE records) corroborate the vulner...
FIWARE Keyrock 安全漏洞
FIWARE Keyrock is a FIWARE open source component responsible for identity management. A cryptographic vulnerability exists in FIWARE Keyrock 8.4 and prior versions, which arises from a predictable random value for user-created activation tokens that can be exploited by an attacker to predict...
Weblate: Activation tokens are not expiring
Hi Team, Domain: demo.weblate.org In this bug, maybe it is low risk but i have found a way to login any person to the attackers account, therefor when any user login to attackers account, the attacker can see the users activity on attackers account. The issue relies on the password reset. Stes to...