Lucene search

CyberDanubeVULNRICHMENT:CVE-2024-42163

HistoryAug 12, 2024 - 11:21 a.m.

CVE-2024-42163 Password Manipulation

2024-08-1211:21:54

CWE-326

CyberDanube

github.com

cve-2024-42163

password manipulation

insufficiently random values

fiware keyrock

account takeover

predicting token

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

20.1%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "FIWARE Keyrock",
    "vendor": "FIWARE",
    "versions": [
      {
        "lessThanOrEqual": "8.4",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.ait.ac.at/themen/cyber-security/pentesting/security-advisories

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

20.1%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-42163