Main Vulnerability Database SB2024092740

SB2024092740 - Account takeover in AdaCore aws

Published: September 27, 2024

Security Bulletin ID SB2024092740

Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Predictable Seed in Pseudo-Random Number Generator (PRNG) (CVE-ID: CVE-2024-41708)

The vulnerability allows a remote attacker to compromise the affected application.

The vulnerability exists due to usage of a weak random number generator within the Random_String() function in the src/core/aws-utils.adb module. A remote attacker can guess session identifiers of other users and gain unauthorized access to the application.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf