PT-2024-29782 · Fiware · Fiware Keyrock

Wolfgang Hotwagner · Published 2024-08-12 · Updated 2024-08-29 · CVE-2024-42165

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: FIWARE Keyrock versions <= 8.4

Description: Activation tokens are generated from insufficiently random values. An attacker can therefore predict the token in an activation link and activate the account of any user.

Recommendations: For FIWARE Keyrock versions <= 8.4, update to a version that includes a fix for this issue, so that attackers can no longer predict activation tokens.

Exploit

Fix

Use of Insufficiently Random Values


Weakness Enumeration

Related Identifiers

CVE-2024-42165

Affected Products

Fiware Keyrock