Executive Summary

Informations
Name CVE-2024-21495 First vendor Publication 2024-02-17
Vendor Cve Last vendor Modification 2024-02-20

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for authentication purposes in the OAuth flow to conduct OAuth replay attacks. In addition, insecure randomness is used while generating multifactor authentication (MFA) secrets and creating API keys in the database package.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21495

Sources (Detail)

https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-c...
https://github.com/greenpau/caddy-security/issues/265
https://github.com/greenpau/go-authcrunch/commit/ecd3725baf2683eb1519bb3c81ae...
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6248275
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2024-02-21 05:27:24
  • Multiple Updates
2024-02-17 09:27:25
  • First insertion