Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.
History

Fri, 13 Sep 2024 17:30:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-06-24T09:59:39.941Z

Updated: 2024-09-13T16:03:11.423Z

Reserved: 2024-03-21T08:24:52.469Z

Link: CVE-2024-29868

cve-icon Vulnrichment

Updated: 2024-09-13T16:03:11.423Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-24T10:15:09.387

Modified: 2024-11-21T09:08:30.413

Link: CVE-2024-29868

cve-icon Redhat

No data.