CVE-2024-42163

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-326
View all →

Vulnerability Description

Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link.

Related Vulnerabilities

CVE-2016-10102

HIGH
CVSS:8.1(High)

hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd ...

CWE-3262016

CVE-2017-14262

HIGH
CVSS:8.1(High)

On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUse...

CWE-3262017

CVE-2018-15796

HIGH
CVSS:8.1(High)

Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing the...

CWE-3262018

CVE-2020-3549

HIGH
CVSS:8.1(High)

A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to o...

CWE-3262020

CVE-2021-32010

HIGH
CVSS:8.1(High)

Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All version...

CWE-3262021

CVE-2022-25156

HIGH
CVSS:8.1(High)

Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series...

CWE-3262022