Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-24554
PUBLISHED
More InfoOfficial Page
Assigner-NCSC.ch
Assigner Org ID-455daabc-a392-441d-aa46-37d35189897c
View Known Exploited Vulnerability (KEV) details
Published At-24 Jun, 2024 | 07:11
Updated At-01 Aug, 2024 | 23:19
Rejected At-
▼CVE Numbering Authority (CNA)
Bludit - Insecure Token Generation

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.

Affected Products
Vendor
Bludit
Product
Bludit
Collection URL
https://www.bludit.com/
Package Name
Bludit
Repo
https://github.com/bludit/bludit/
Platforms
  • Linux
  • Windows
  • MacOS
Default Status
unaffected
Versions
Affected
  • 2.0
Problem Types
TypeCWE IDDescription
CWECWE-338CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CWECWE-287CWE-287 Improper Authentication
Type: CWE
CWE ID: CWE-338
Description: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Type: CWE
CWE ID: CWE-287
Description: CWE-287 Improper Authentication
Metrics
VersionBase scoreBase severityVector
4.06.0MEDIUM
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-115CAPEC-115 Authentication Bypass
CAPEC ID: CAPEC-115
Description: CAPEC-115 Authentication Bypass
Solutions

Generating secure API and user auth tokens in PHP involves creating unique and cryptographically secure strings that can be used as tokens for authentication purposes. The following code snippet is a basic example of how to generate secure API tokens in PHP: ```php function generateApiToken($length = 32) {     $token = bin2hex(random_bytes($length));     return $token; } ```

Configurations

Admin must enable the API (API is disabled by default).

Workarounds

Disable API.

Exploits
Credits
finder
Andreas Pfefferle, Redguard AG
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/
N/A
Hyperlink: https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/
x_transferred
Hyperlink: https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/
Resource:
x_transferred
Details not found