CVE-2024-6890 Vulnerability Details

  /     /     /  

CVE-2024-6890 Metadata Quick Info

CVE Published: 07/08/2024 | CVE Updated: 08/08/2024 | CVE Year: 2024
Source: KoreLogic | Vendor: Journyx | Product: Journyx (jtime)
Status : PUBLISHED

---

CVE-2024-6890 Description

Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-321
CWE Name: CWE-321 Use of Hard-coded Cryptographic Key
Source: Journyx

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).