Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism.
This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account.
This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0.
Users are recommended to upgrade to version 0.95.0, which fixes the issue.
References
Configurations
No configuration.
History
03 Jul 2024, 01:52
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
Summary |
|
24 Jun 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-24 10:15
Updated : 2024-07-03 01:52
NVD link : CVE-2024-29868
Mitre link : CVE-2024-29868
CVE.ORG link : CVE-2024-29868
JSON object : View
Products Affected
No product.
CWE
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)