CVE-2024-42163

Exploit

EPSS 0.33%
Veröffentlicht 12.08.2024 13:38:32
Zuletzt bearbeitet 29.08.2024 15:17:38
Quelle office@cyberdanube.com
CVE-Watchlists
Login
Unerledigt
Login

Password Manipulation

Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fiware ≫ Keyrock Version <= 8.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.33%	0.243

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
office@cyberdanube.com	8.3	2.8	5.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-42163

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-42163

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-42163

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-42163