PT-2024-23092 · Apache · Apache Streampipes
Alessandro Albani · Published 2024-06-22 · Updated 2025-07-15 · CVE-2024-29868
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Apache StreamPipes versions 0.69.0 through 0.93.0
Description
The user self-registration and password recovery mechanism uses a cryptographically weak pseudo-random number generator (PRNG). This allows an attacker to guess the recovery token in a reasonable time, potentially leading to account takeover.
Recommendations
For Apache StreamPipes versions 0.69.0 through 0.93.0, upgrade to version 0.95.0, which fixes the issue.
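The weakness class named in the description, as an added example that is not StreamPipes code and not taken from the advisory: a recovery token drawn from a non-cryptographic generator beside one drawn from a CSPRNG and checked in constant time. Using `java.util.Random` for the weak case is an assumption for illustration (the advisory does not name the generator), and the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

public class RecoveryTokenDemo {
    // One shared CSPRNG instance; SecureRandom is thread-safe.
    private static final SecureRandom CSPRNG = new SecureRandom();

    // Weak pattern (assumed for illustration): java.util.Random is a 48-bit
    // linear congruential generator. Its output is fully determined by the
    // seed, so a token built from it is not a secret.
    static String weakToken(long seed) {
        byte[] buf = new byte[32];
        new Random(seed).nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    // Hardened pattern: 256 bits from the platform CSPRNG, URL-safe encoded
    // so the token can be placed in a recovery link.
    static String strongToken() {
        byte[] buf = new byte[32];
        CSPRNG.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    // Constant-time comparison so verification does not leak how much of a
    // presented token matched the stored one.
    static boolean tokenMatches(String presented, String stored) {
        return MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8),
                stored.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        long seed = 42L; // constructed sample value
        boolean repeatable = weakToken(seed).equals(weakToken(seed));
        String a = strongToken();
        String b = strongToken();
        System.out.println("weak token repeats for same seed: " + repeatable);
        System.out.println("two strong tokens equal: " + a.equals(b));
        System.out.println("stored token verifies: " + tokenMatches(a, a));
        System.out.println("other token verifies: " + tokenMatches(b, a));
    }
}
```

A CSPRNG-backed token should also be single-use and expire quickly, so a leaked recovery link has a short useful life.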
Affected Products
Apache Streampipes