How severe is CVE-2024-45394?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2024-45394?

This is classified as CWE-261, which is a common weakness in software security.

CVE-2024-45394 - HIGH Severity | CVSS 7.8

Vulnerability Description

Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the user's encryption key. Users on version 8.0.0 and above are automatically migrated away from the weak encoding on first login. Users should destroy encrypted backups made with versions prior to 8.0.0.

Related Vulnerabilities

CVE-2020-14481

HIGH

CVSS:7.8(High)

The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows ...

CWE-2612020

CVE-2022-45099

HIGH

CVSS:7.8(High)

Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full syst...

CWE-2612022

CVE-2024-45273

HIGH

CVSS:7.8(High)

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

CWE-2612024

CVE-2022-38469

HIGH

CVSS:7.5(High)

An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords.

CWE-2612022

CVE-2023-0356

HIGH

CVSS:7.5(High)

SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information.

CWE-2612023

CVE-2023-0525

HIGH

CVSS:7.5(High)

Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.0...

CWE-2612023