CVE-2024-29868

CVE-2024-29868: Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation

Vendor Apache Software Foundation

Product Apache StreamPipes

Weakness CWE-338

Published June 24, 2024

Last update September 13, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Key dates

Disclosure timeline

June 24, 2024 CVE published

September 13, 2024 Record updated

Identifiers

CVE CVE-2024-29868

CWE CWE-338

Affected versions

Vendor Apache Software Foundation

Product Apache StreamPipes

Affected ≥ 0.69.0 and ≤ 0.93.0

Vendor Apache Software Foundation

Product Apache StreamPipes

Affected ≥ 0.69.0 and ≤ 0.93.0