CVE-2024-29868 – Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in …

Vuln ID: CVE-2024-29868

Published: 2024-06-24 10:15:09.387

Description: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism.
This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user’s account.
This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0.

Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Base Score: –

Vector:

Source: NVD.NIST.GOV

Date:

24 June 2024

Categorie(s):

NVD

Tag(s):

NVD

Donut Holes, clickfix, rapperbots, bad devs, war, Doug Rants about Backups, and More. – SWN #48720 June 2025
Jira tickets become attack vectors in PoC ‘living off AI’ attack20 June 2025
Anubis Ransomware Lists Disneyland Paris as New Victim20 June 2025
Hackers Target 700+ ComfyUI AI Image Generation Servers to Spread Malware20 June 2025
Netflix, Apple, BofA websites hijacked with fake help-desk numbers20 June 2025