CVE-2024-24554 Vulnerability Details

  /     /     /  

CVE-2024-24554 Metadata Quick Info

CVE Published: 24/06/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: NCSC.ch | Vendor: Bludit | Product: Bludit
Status : PUBLISHED

CVE-2024-24554 Description

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-338
CWE Name: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Source: Bludit

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-115
CAPEC Description: CAPEC-115 Authentication Bypass