CVE-2024-6890

Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt	Exploit Third Party Advisory
http://seclists.org/fulldisclosure/2024/Aug/5

Configurations

Configuration 1 (hide)

cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:linux:*:*

History

No history.

Information

Published : 2024-08-07 23:15

Updated : 2024-11-21 09:50

NVD link : CVE-2024-6890

Mitre link : CVE-2024-6890

CVE.ORG link : CVE-2024-6890

JSON object : View

Products Affected

journyx

journyx

CWE

CWE-321

Use of Hard-coded Cryptographic Key

CWE-334

Small Space of Random Values

CWE-799

Improper Control of Interaction Frequency

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2024-6890", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-08-07T23:15:41.543", "references": [{"url": "https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "bbf0bd87-ece2-41be-b873-96928ee8fab9"}, {"url": "http://seclists.org/fulldisclosure/2024/Aug/5", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "bbf0bd87-ece2-41be-b873-96928ee8fab9", "description": [{"lang": "en", "value": "CWE-321"}, {"lang": "en", "value": "CWE-334"}, {"lang": "en", "value": "CWE-799"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password."}, {"lang": "es", "value": "Los tokens de restablecimiento de contrase\u00f1a se generan utilizando una fuente aleatoria insegura. Los atacantes que conocen el nombre de usuario del usuario de instalaci\u00f3n de Journyx pueden forzar el restablecimiento de contrase\u00f1a y cambiar la contrase\u00f1a de administrador."}], "lastModified": "2024-11-21T09:50:28.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "16D9FF52-C135-4C0E-B182-65D575879BEA"}], "operator": "OR"}]}], "sourceIdentifier": "bbf0bd87-ece2-41be-b873-96928ee8fab9"}