CVE-2024-42163
CVSS 3.1 Score 8.1 of 10 (high)
Details
Published Aug 12, 2024
Updated: Aug 29, 2024
CWE ID 326
Summary
CVE-2024-42163 is a vulnerability affecting FIWARE Keyrock versions below 8.5. It stems from insufficiently random values used to generate password reset tokens. An attacker can exploit this weakness to take over any user's account by predicting the token in the password reset link. The result is potential unauthorized access to user accounts, which poses a significant security risk. It is recommended that users upgrade to the latest version of FIWARE Keyrock to mitigate this vulnerability.
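For teams reviewing their own reset flows against this weakness class, the following is an added example (not FIWARE Keyrock's code) of reset-token handling that does not depend on guessable values: tokens come from the OS CSPRNG, only a hash is stored, and each token is single-use and time-limited. The in-memory store, function names, 32-byte length and 15-minute lifetime are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const TOKEN_BYTES = 32;          // assumed size: 256 bits from the OS CSPRNG
const TTL_MS = 15 * 60 * 1000;   // assumed lifetime: 15 minutes

// Hash the token so a leaked store does not expose usable reset links.
const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest();

// Hypothetical in-memory store: userId -> { digest, expiresAt }.
// A real service would keep this in its database.
function createResetStore() {
  return new Map();
}

// Issue a token for userId. Any earlier token for that user is replaced.
function issueResetToken(store, userId, now = Date.now()) {
  // randomBytes() is backed by the kernel CSPRNG, unlike Math.random(),
  // timestamps, counters or hashes of user attributes.
  const token = nodeCrypto.randomBytes(TOKEN_BYTES).toString('base64url');
  store.set(userId, { digest: sha256(token), expiresAt: now + TTL_MS });
  return token; // placed in the e-mailed link only, never persisted
}

// Redeem a presented token: must match, be unexpired, and is consumed on success.
function redeemResetToken(store, userId, presented, now = Date.now()) {
  const entry = store.get(userId);
  if (!entry || typeof presented !== 'string') return false;
  if (now > entry.expiresAt) {
    store.delete(userId); // expired tokens are purged
    return false;
  }
  // Both digests are 32 bytes, so timingSafeEqual never throws on length.
  const ok = nodeCrypto.timingSafeEqual(entry.digest, sha256(presented));
  if (ok) store.delete(userId); // single use
  return ok;
}
```

Pair this with rate limiting on the redeem endpoint so repeated wrong guesses are throttled and logged.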
Affected Vendors
- FIWARE