Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

N/A

使用具有密码学弱点缺陷的PRNG

Apache StreamPipes 安全特征问题漏洞

Apache StreamPipes是美国阿帕奇（Apache）基金会的一个自助式（工业）物联网工具箱，使非技术用户能够连接、分析和探索 IIoT 数据流。 Apache StreamPipes 0.69.0版本到0.93.0版本存在安全特征问题漏洞，该漏洞源于存在加密弱伪随机数生成器(PRNG)漏洞，允许攻击者在合理的时间内猜出恢复令牌，从而接管受攻击用户的帐户。

N/A

N/A