Lucene search
PRIOn knowledge basePRION:CVE-2024-21495HistoryFeb 17, 2024 - 5:15 a.m.
Authentication flaw
2024-02-1705:15:00
PRIOn knowledge base
www.prio-n.com
7
oauth replay
insecure randomness
mfa secrets
Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for authentication purposes in the OAuth flow to conduct OAuth replay attacks. In addition, insecure randomness is used while generating multifactor authentication (MFA) secrets and creating API keys in the database package.
Related
cve
cve
CVE-2024-21495
2024-02-17 05:15:09
osv
osv
Use of Insufficiently Random Values in github.com/greenpau/caddy-security
2024-06-28 15:28:53
Use of Insufficiently Random Values in github.com/greenpau/caddy-security
2024-02-17 06:30:34
CVE-2024-21495
2024-02-17 05:15:09
nvd
nvd
CVE-2024-21495
2024-02-17 05:15:09
github
github
Use of Insufficiently Random Values in github.com/greenpau/caddy-security
2024-02-17 06:30:34
cvelist
cvelist
CVE-2024-21495
2024-02-17 05:00:08
veracode
veracode
Insecure Randomness
2024-02-19 04:50:09