Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link.
Metrics
Affected Vendors & Products
References
History
Thu, 29 Aug 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Fiware
Fiware keyrock |
|
CPEs | cpe:2.3:a:fiware:keyrock:*:*:*:*:*:*:*:* | |
Vendors & Products |
Fiware
Fiware keyrock |
Mon, 12 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 12 Aug 2024 11:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link. | |
Title | Arbitrary User Activation | |
Weaknesses | CWE-330 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: CyberDanube
Published: 2024-08-12T11:33:39.049Z
Updated: 2024-08-12T12:23:11.741Z
Reserved: 2024-07-29T20:49:58.925Z
Link: CVE-2024-42165
Vulnrichment
Updated: 2024-08-12T12:23:04.908Z
NVD
Status : Analyzed
Published: 2024-08-12T13:38:32.890
Modified: 2024-08-29T15:21:22.330
Link: CVE-2024-42165
Redhat
No data.