CVE-2024-42027

Medium

The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they…

hackerone·CWE-1391·Published 2024-10-07

CVSS

6.7

EPSS

0.01

KEV

Exploits

cve.orgen

177 chars

The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources.

NVDen

177 chars

The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources.

La entropía de contraseña E2EE generada por Rocket.Chat Mobile antes de la versión 4.5.1 es insuficiente, lo que permite a los atacantes descifrarla si tienen el tiempo y los recursos adecuados.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.0	Primary	cve.org	6.7	—	—	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
3.0	Primary	cve.org	6.7	—	—	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
3.0	Secondary	NVD	6.7	1.2	5.5	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
3.1	Primary	cve.org	6.7	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
3.1	Primary	cve.org	6.7	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
3.1	Secondary	NVD	6.7	1.2	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L