CVE-2024-42163

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published: Aug 12, 2024
Updated: Aug 29, 2024
CWE ID: 326

Summary

CVE-2024-42163 affects FIWARE Keyrock versions below 8.5. The issue stems from insufficiently random values used in generating password reset tokens. An attacker can exploit this weakness to take over any user's account by predicting the token for the password reset link, gaining unauthorized access to that account. Users should upgrade to the latest version of FIWARE Keyrock to mitigate this vulnerability.
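For developers reviewing their own reset flows against this class of weakness, the following added example (not FIWARE Keyrock code and not taken from its fix) shows a reset-token store that draws tokens from the OS CSPRNG, keeps only a hash, and enforces expiry and single use. The class name, the 32-byte token size and the 15-minute lifetime are assumptions made for illustration.

```javascript
// Added example: not FIWARE Keyrock code. All names and constants are hypothetical.
const crypto = require('node:crypto');

const TOKEN_BYTES = 32;              // 256 bits from the OS CSPRNG
const TOKEN_TTL_MS = 15 * 60 * 1000; // assumed 15-minute validity window

// Store only a hash, so a leaked table does not yield usable reset links.
function hashToken(token) {
  return crypto.createHash('sha256').update(token, 'utf8').digest();
}

class ResetTokenStore {
  // `now` is injectable so expiry can be tested without waiting.
  constructor(now = () => Date.now()) {
    this.now = now;
    this.pending = new Map(); // userId -> { digest, expiresAt }
  }

  // Issue a token; a new request replaces any earlier token for the user.
  issue(userId) {
    const token = crypto.randomBytes(TOKEN_BYTES).toString('base64url');
    this.pending.set(userId, {
      digest: hashToken(token),
      expiresAt: this.now() + TOKEN_TTL_MS,
    });
    return token; // placed in the e-mailed link only, never stored in clear
  }

  // Redeem a token: expiry enforced, constant-time comparison, single use.
  redeem(userId, presented) {
    const entry = this.pending.get(userId);
    if (!entry || typeof presented !== 'string') return false;
    if (this.now() > entry.expiresAt) {
      this.pending.delete(userId);
      return false;
    }
    // Both digests are 32 bytes, so timingSafeEqual never throws on length.
    const ok = crypto.timingSafeEqual(entry.digest, hashToken(presented));
    if (ok) this.pending.delete(userId); // burn the token on success
    return ok;
  }
}
```

A generator such as `Math.random()`, a timestamp or a counter must not be substituted for `crypto.randomBytes` here, since none of them is unpredictable to an attacker.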
