Inadequate Encryption Strength vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.4.0.
The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable.
Users are recommended to upgrade to version 1.4.1, which fixes the issue.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Fri, 22 Nov 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Fri, 22 Nov 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue. | |
Title | Apache Answer: Predictable Authorization Token Using UUIDv1 | |
Weaknesses | CWE-326 | |
References |
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-11-22T14:36:44.588Z
Updated: 2024-11-22T20:18:15.264Z
Reserved: 2024-09-05T08:29:10.968Z
Link: CVE-2024-45719
Vulnrichment
Updated: 2024-11-22T18:03:21.717Z
NVD
Status : Received
Published: 2024-11-22T15:15:10.473
Modified: 2024-11-22T21:15:18.130
Link: CVE-2024-45719
Redhat
No data.