CVE-2024-6890 - OpenCVE

Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Journyx	Journyx

Configuration 1 [-]

cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:linux:*:*

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Aug/5
https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt

History

Thu, 08 Aug 2024 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Journyx Journyx journyx
Weaknesses		CWE-798
CPEs		cpe:2.3:a:journyx:journyx:11.5.4:::::linux::
Vendors & Products		Journyx Journyx journyx
Metrics	cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Thu, 08 Aug 2024 15:00:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Thu, 08 Aug 2024 14:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2024/Aug/5

Wed, 07 Aug 2024 23:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-321 CWE-334 CWE-799

Wed, 07 Aug 2024 23:15:00 +0000

Type	Values Removed	Values Added
Description		Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.
Title		Journyx Unauthenticated Password Reset Bruteforce
References		https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt

MITRE

Status: PUBLISHED

Assigner: KoreLogic

Published: 2024-08-07T23:09:40.249Z

Updated: 2024-08-08T13:28:52.446Z

Reserved: 2024-07-18T19:25:47.090Z

Link: CVE-2024-6890

Vulnrichment

Updated: 2024-08-08T01:29:14.179Z

NVD

Status : Analyzed

Published: 2024-08-07T23:15:41.543

Modified: 2024-08-08T20:53:15.917

Link: CVE-2024-6890

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6890", "assignerOrgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9", "state": "PUBLISHED", "assignerShortName": "KoreLogic", "dateReserved": "2024-07-18T19:25:47.090Z", "datePublished": "2024-08-07T23:09:40.249Z", "dateUpdated": "2024-08-08T13:28:52.446Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Journyx (jtime)", "vendor": "Journyx", "versions": [{"status": "affected", "version": "11.5.4"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Jaggar Henry of KoreLogic, Inc."}], "datePublic": "2024-08-07T23:05:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<pre>Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.</pre><br>"}], "value": "Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-321", "description": "CWE-321 Use of Hard-coded Cryptographic Key", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-334", "description": "CWE-334 Small Space of Random Values", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-799", "description": "CWE-799 Improper Control of Interaction Frequency", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9", "shortName": "KoreLogic", "dateUpdated": "2024-08-07T23:15:35.997Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt"}], "source": {"discovery": "UNKNOWN"}, "title": "Journyx Unauthenticated Password Reset Bruteforce", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2024/Aug/5"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:29:14.179Z"}}, {"affected": [{"vendor": "journyx", "product": "journyx", "cpes": ["cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "11.5.4", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-08T13:26:38.452163Z", "id": "CVE-2024-6890", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T13:28:52.446Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2024/Aug/5"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:29:14.179Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-6890", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-08T13:26:38.452163Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:*:*:*"], "vendor": "journyx", "product": "journyx", "versions": [{"status": "affected", "version": "11.5.4"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T13:28:38.991Z"}}], "cna": {"title": "Journyx Unauthenticated Password Reset Bruteforce", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Jaggar Henry of KoreLogic, Inc."}], "affected": [{"vendor": "Journyx", "product": "Journyx (jtime)", "versions": [{"status": "affected", "version": "11.5.4"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "datePublic": "2024-08-07T23:05:00.000Z", "references": [{"url": "https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.", "supportingMedia": [{"type": "text/html", "value": "<pre>Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.</pre><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-321", "description": "CWE-321 Use of Hard-coded Cryptographic Key"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-334", "description": "CWE-334 Small Space of Random Values"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-799", "description": "CWE-799 Improper Control of Interaction Frequency"}]}], "providerMetadata": {"orgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9", "shortName": "KoreLogic", "dateUpdated": "2024-08-07T23:15:35.997Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6890", "state": "PUBLISHED", "dateUpdated": "2024-08-08T13:28:52.446Z", "dateReserved": "2024-07-18T19:25:47.090Z", "assignerOrgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9", "datePublished": "2024-08-07T23:09:40.249Z", "assignerShortName": "KoreLogic"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:linux:*:*", "matchCriteriaId": "16D9FF52-C135-4C0E-B182-65D575879BEA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password."}, {"lang": "es", "value": "Los tokens de restablecimiento de contrase\u00f1a se generan utilizando una fuente aleatoria insegura. Los atacantes que conocen el nombre de usuario del usuario de instalaci\u00f3n de Journyx pueden forzar el restablecimiento de contrase\u00f1a y cambiar la contrase\u00f1a de administrador."}], "id": "CVE-2024-6890", "lastModified": "2024-08-08T20:53:15.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-07T23:15:41.543", "references": [{"source": "bbf0bd87-ece2-41be-b873-96928ee8fab9", "tags": ["Exploit", "Third Party Advisory"], "url": "https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt"}], "sourceIdentifier": "bbf0bd87-ece2-41be-b873-96928ee8fab9", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-321"}, {"lang": "en", "value": "CWE-334"}, {"lang": "en", "value": "CWE-799"}], "source": "bbf0bd87-ece2-41be-b873-96928ee8fab9", "type": "Secondary"}]}