| |
Vulnerability CVE-2024-29868
Published: 2024-06-24
| Description: |
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism.
This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account.
This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0.
Users are recommended to upgrade to version 0.95.0, which fixes the issue.
|
Type:
CWE-338 (Use of Cryptographically Weak PRNG)
References: |
https://lists.apache.org/thread/g7t7zctvq2fysrw1x17flnc12592nhx7
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
