CVE-2021-27884 - CERT CVE

  1. CVE-2021-27884

ID CVE-2021-27884
Sažetak Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used.
Reference
CVSS
Base: 3.6
Impact: 4.9
Exploitability:3.9
Pristup
VektorSloženostAutentikacija
LOCAL LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL NONE
CVSS vektor AV:L/AC:L/Au:N/C:P/I:P/A:N
Zadnje važnije ažuriranje 08-03-2021 - 16:24
Objavljeno 01-03-2021 - 23:15