CVE-2024-38277

CVSS v4.0

6.9

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned.

Description The issue concerns the generation of unique keys for QR login and auto-login. Currently, the same key can be used interchangeably between the two, which is insecure. A unique key should be generated for each to prevent this.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-326CWE-324

Related Identifiers

ALT-PU-2024-16385

ALT-PU-2024-16417

BDU:2025-10840

BIT-MOODLE-2024-38277

CVE-2024-38277

GHSA-R82W-3PHG-QVR4

Affected Products

Alt Linux

Red Os

CVE-2024-38277

Weakness Enumeration

Related Identifiers

Affected Products

References · 16