CVE-2024-42163

Name of the Vulnerable Software and Affected Versions FIWARE Keyrock versions <= 8.4

Description The issue is related to insufficiently random values for generating password reset tokens, allowing attackers to take over the account of any user by predicting the token for the password reset link. This enables attackers to potentially gain unauthorized access to user accounts.

Recommendations For FIWARE Keyrock versions <= 8.4, update to a version that includes a fix for the insufficiently random password reset token generation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.