Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link.
Metrics
Affected Vendors & Products
References
History
Thu, 29 Aug 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Fiware
Fiware keyrock |
|
CPEs | cpe:2.3:a:fiware:keyrock:*:*:*:*:*:*:*:* | |
Vendors & Products |
Fiware
Fiware keyrock |
Mon, 12 Aug 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 12 Aug 2024 11:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link. | |
Title | Password Manipulation | |
Weaknesses | CWE-326 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: CyberDanube
Published: 2024-08-12T11:21:54.443Z
Updated: 2024-08-12T16:11:16.884Z
Reserved: 2024-07-29T20:49:58.924Z
Link: CVE-2024-42163
Vulnrichment
Updated: 2024-08-12T16:11:03.372Z
NVD
Status : Analyzed
Published: 2024-08-12T13:38:32.440
Modified: 2024-08-29T15:17:38.217
Link: CVE-2024-42163
Redhat
No data.