CVE-2024-24554
6
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Bludit | Bludit | 2.0 | affected |
Weaknesses
- CWE-338: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
- CWE-287: CWE-287 Improper Authentication
Workarounds
Disable API.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.