CVE-2024-24554 MEDIUM

CVE-2024-24554: Bludit - Insecure Token Generation

Vendor: Bludit
Product: Bludit
Weakness: CWE-338
Published: June 24, 2024
Last update: August 1, 2024

CVSS base score

6.0/10
Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: None
Confidentiality: Low
Integrity: High

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.

Key dates

02 Disclosure timeline

June 24, 2024: CVE published
August 1, 2024: Record updated