Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link.
Metrics
Affected Vendors & Products
References
History
Thu, 29 Aug 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Fiware
Fiware keyrock |
|
Weaknesses | CWE-330 | |
CPEs | cpe:2.3:a:fiware:keyrock:*:*:*:*:*:*:*:* | |
Vendors & Products |
Fiware
Fiware keyrock |
Mon, 12 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 12 Aug 2024 11:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link. | |
Title | Disabling MFA without Authentication | |
Weaknesses | CWE-287 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: CyberDanube
Published: 2024-08-12T11:27:17.672Z
Updated: 2024-08-12T13:13:06.556Z
Reserved: 2024-07-29T20:49:58.924Z
Link: CVE-2024-42164
Vulnrichment
Updated: 2024-08-12T13:13:02.937Z
NVD
Status : Analyzed
Published: 2024-08-12T13:38:32.667
Modified: 2024-08-29T15:19:40.220
Link: CVE-2024-42164
Redhat
No data.