CVE-2024-45394
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-45394 affects the Authenticator browser extension, versions 7.0.0 and below: the encryption keys protecting user data are stored using weak encryption methods, so an attacker with access to that user data can brute-force them. This poses a high risk to organizations because it compromises both the confidentiality and the integrity of sensitive information and can lead to unauthorized access. Users are advised to upgrade to version 8.0.0 or above, which automatically transitions them away from the vulnerable encoding upon first login, and to delete any encrypted backups created with earlier versions. The vulnerability has an exploitability score of 2.0 and a base severity rating of high (8.8), indicating low privilege requirements and no user interaction necessary for exploitation. Failure to remediate this issue could result in significant data breaches impacting organizational security.