Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism.
This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account.
This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0.
Users are recommended to upgrade to version 0.95.0, which fixes the issue.
[
{
"vendor": "Apache Software Foundation",
"product": "Apache StreamPipes",
"versions": [
{
"status": "affected",
"version": "0.69.0",
"versionType": "maven",
"lessThanOrEqual": "0.93.0"
}
],
"packageName": "streampipes-user-management",
"defaultStatus": "unaffected"
},
{
"vendor": "Apache Software Foundation",
"product": "Apache StreamPipes",
"versions": [
{
"status": "affected",
"version": "0.69.0",
"versionType": "maven",
"lessThanOrEqual": "0.93.0"
}
],
"packageName": "streampipes-model",
"defaultStatus": "unaffected"
}
]