CVE-2024-24554 Vulnerability Details
/
/
/
CVE-2024-24554 Metadata Quick Info
CVE Published: 24/06/2024 |
CVE Updated: 01/08/2024 |
CVE Year: 2024
Source: NCSC.ch |
Vendor: Bludit |
Product: Bludit
Status : PUBLISHED
CVE-2024-24554 Description
Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.
Metrics
CVSS Version: 3.1 |
Base Score: n/a
Vector: n/a
l➤ Exploitability Metrics:
Attack Vector (AV)*
Attack Complexity (AC)*
Privileges Required (PR)*
User Interaction (UI)*
Scope (S)*
l➤ Impact Metrics:
Confidentiality Impact (C)*
Integrity Impact (I)*
Availability Impact (A)*
Weakness Enumeration (CWE)
CWE-ID: CWE-338
CWE Name: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Source: Bludit
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-ID: CAPEC-115
CAPEC Description: CAPEC-115 Authentication Bypass