CVE Published: 24/06/2024 |
CVE Updated: 13/09/2024 |
CVE Year: 2024 Source: apache |
Vendor: Apache Software Foundation |
Product: Apache StreamPipes Status : PUBLISHED
CVE-2024-29868 Description
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism.
This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user\'s account.
This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0.
Users are recommended to upgrade to version 0.95.0, which fixes the issue.