CVE-2024-24554

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.

CVSS

No CVSS.

References

Link	Resource
https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/

Configurations

No configuration.

History

No history.

Information

Published : 2024-06-24 08:15

Updated : 2024-06-24 12:57

NVD link : CVE-2024-24554

Mitre link : CVE-2024-24554

CVE.ORG link : CVE-2024-24554

JSON object : View

Products Affected

No product.

CWE

CWE-287

Improper Authentication

CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

{"id": "CVE-2024-24554", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "vulnerability@ncsc.ch", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 6.0, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-06-24T08:15:09.130", "references": [{"url": "https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/", "source": "vulnerability@ncsc.ch"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "vulnerability@ncsc.ch", "description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-338"}]}], "descriptions": [{"lang": "en", "value": "Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API."}, {"lang": "es", "value": "Bludit utiliza m\u00e9todos predecibles en combinaci\u00f3n con el algoritmo hash MD5 para generar tokens confidenciales, como el token API y el token de usuario. Esto permite a los atacantes autenticarse en la API de Bludit."}], "lastModified": "2024-06-24T12:57:36.513", "sourceIdentifier": "vulnerability@ncsc.ch"}

CVE-2024-24554

JSON object

Attach tags to CVE-2024-24554

Attach tags to `CVE-2024-24554`