{"id":"CVE-2024-42164","details":"Insufficiently random values for generating password reset token in FIWARE Keyrock \u003c= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link.","modified":"2026-04-10T05:16:04.373054Z","published":"2024-08-12T13:38:32.667Z","references":[{"type":"EVIDENCE","url":"https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ging/fiware-idm","events":[{"introduced":"0"},{"last_affected":"4577eaed678fbfd46732b8b34b8adcf607788ffd"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.4"}]}}],"versions":["7.0.1","7.3.0","7.3.1","7.4.0","7.5.0","7.7.0","7.8.0","7.8.1","7.8.2","7.9.0","7.9.1","7.9.2","8.0.0","8.2.0","8.3.0","8.3.1","8.3.2","8.3.3","8.4.0","FIWARE_7.4.0","FIWARE_7.5.0","FIWARE_7.7","FIWARE_7.8","FIWARE_7.8.1","FIWARE_7.8.2","FIWARE_7.9","FIWARE_7.9.1","FIWARE_7.9.2","FIWARE_8.0","FIWARE_8.2","FIWARE_8.3","FIWARE_8.3.1","FIWARE_8.3.2","FIWARE_8.3.3","FIWARE_8.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42164.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}