CVE-2024-6890

Name of the Vulnerable Software and Affected Versions Journyx (affected versions not specified)

Description The issue arises from the generation of password reset tokens using an insecure source of randomness. This allows attackers who are aware of the username of the Journyx installation user to brute-force the password reset, ultimately changing the administrator password.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.