CVE-2024-24554 - Vulnerability Details - OpenCVE

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.

Attack Vector Network

Attack Complexity High

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/

History

No history.

MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published: 2024-06-24T07:11:36.377Z

Updated: 2024-08-01T23:19:52.903Z

Reserved: 2024-01-25T14:02:00.527Z

Link: CVE-2024-24554

Vulnrichment

Updated: 2024-08-01T23:19:52.903Z

NVD

Status : Awaiting Analysis

Published: 2024-06-24T08:15:09.130

Modified: 2024-11-21T08:59:24.343

Link: CVE-2024-24554

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-24554", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "state": "PUBLISHED", "assignerShortName": "NCSC.ch", "dateReserved": "2024-01-25T14:02:00.527Z", "datePublished": "2024-06-24T07:11:36.377Z", "dateUpdated": "2024-08-01T23:19:52.903Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://www.bludit.com/", "defaultStatus": "unaffected", "packageName": "Bludit", "platforms": ["Linux", "Windows", "MacOS"], "product": "Bludit", "repo": "https://github.com/bludit/bludit/", "vendor": "Bludit", "versions": [{"status": "affected", "version": "2.0"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Admin must enable the API (API is disabled by default).<br>"}], "value": "Admin must enable the API (API is disabled by default)."}], "credits": [{"lang": "en", "type": "finder", "value": "Andreas Pfefferle, Redguard AG"}], "datePublic": "2024-06-20T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.<br>"}], "value": "Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 6, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-338", "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2024-06-24T07:11:36.377Z"}, "references": [{"url": "https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Generating secure API and user auth tokens in PHP involves creating unique and cryptographically secure strings that can be used as tokens for authentication purposes. The following code snippet is a basic example of how to generate secure API tokens in PHP:<br><br>```php<br>function generateApiToken($length = 32) {<br>    $token = bin2hex(random_bytes($length));<br>    return $token;<br>}<br>```<br>"}], "value": "Generating secure API and user auth tokens in PHP involves creating unique and cryptographically secure strings that can be used as tokens for authentication purposes. The following code snippet is a basic example of how to generate secure API tokens in PHP:\n\n```php\nfunction generateApiToken($length = 32) {\n\u00a0 \u00a0 $token = bin2hex(random_bytes($length));\n\u00a0 \u00a0 return $token;\n}\n```"}], "source": {"discovery": "UNKNOWN"}, "title": "Bludit - Insecure Token Generation", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Disable API."}], "value": "Disable API."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-24T13:47:33.209605Z", "id": "CVE-2024-24554", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-24T13:47:43.818Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:19:52.903Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:19:52.903Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-24554", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-24T13:47:33.209605Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-24T13:47:39.144Z"}}], "cna": {"title": "Bludit - Insecure Token Generation", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Andreas Pfefferle, Redguard AG"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/bludit/bludit/", "vendor": "Bludit", "product": "Bludit", "versions": [{"status": "affected", "version": "2.0"}], "platforms": ["Linux", "Windows", "MacOS"], "packageName": "Bludit", "collectionURL": "https://www.bludit.com/", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Generating secure API and user auth tokens in PHP involves creating unique and cryptographically secure strings that can be used as tokens for authentication purposes. The following code snippet is a basic example of how to generate secure API tokens in PHP:\n\n```php\nfunction generateApiToken($length = 32) {\n\u00a0 \u00a0 $token = bin2hex(random_bytes($length));\n\u00a0 \u00a0 return $token;\n}\n```", "supportingMedia": [{"type": "text/html", "value": "Generating secure API and user auth tokens in PHP involves creating unique and cryptographically secure strings that can be used as tokens for authentication purposes. The following code snippet is a basic example of how to generate secure API tokens in PHP:<br><br>```php<br>function generateApiToken($length = 32) {<br>    $token = bin2hex(random_bytes($length));<br>    return $token;<br>}<br>```<br>", "base64": false}]}], "datePublic": "2024-06-20T16:00:00.000Z", "references": [{"url": "https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/"}], "workarounds": [{"lang": "en", "value": "Disable API.", "supportingMedia": [{"type": "text/html", "value": "Disable API.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.", "supportingMedia": [{"type": "text/html", "value": "Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-338", "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "configurations": [{"lang": "en", "value": "Admin must enable the API (API is disabled by default).", "supportingMedia": [{"type": "text/html", "value": "Admin must enable the API (API is disabled by default).<br>", "base64": false}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2024-06-24T07:11:36.377Z"}}}, "cveMetadata": {"cveId": "CVE-2024-24554", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:19:52.903Z", "dateReserved": "2024-01-25T14:02:00.527Z", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "datePublished": "2024-06-24T07:11:36.377Z", "assignerShortName": "NCSC.ch"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API."}, {"lang": "es", "value": "Bludit utiliza m\u00e9todos predecibles en combinaci\u00f3n con el algoritmo hash MD5 para generar tokens confidenciales, como el token API y el token de usuario. Esto permite a los atacantes autenticarse en la API de Bludit."}], "id": "CVE-2024-24554", "lastModified": "2024-11-21T08:59:24.343", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "HIGH"}, "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}, "published": "2024-06-24T08:15:09.130", "references": [{"source": "vulnerability@ncsc.ch", "url": "https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/"}], "sourceIdentifier": "vulnerability@ncsc.ch", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-338"}], "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}