The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources.
References
Link | Resource |
---|---|
https://hackerone.com/reports/2546437 |
Configurations
No configuration.
History
07 Oct 2024, 19:37
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1391 |
07 Oct 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-07 13:15
Updated : 2024-10-07 19:37
NVD link : CVE-2024-42027
Mitre link : CVE-2024-42027
CVE.ORG link : CVE-2024-42027
JSON object : View
Products Affected
No product.
CWE
CWE-1391
Use of Weak Credentials