PT-2024-37521 · Conduit · Conduit
Published
2024-06-25
·
Updated
2024-09-20
·
CVE-2024-6299
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Conduit (affected versions not specified)
Description:
The issue is related to the lack of consideration of key expiry when validating signatures in Conduit. This allows an attacker who has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Conduit