CWE-324: Use of a Key Past its Expiration Date
13 active CVEs are classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-324
- CVE-2019-3790 | Severity: MEDIUM | CVSS 6.1 | EG 5.4 | Published 2019-06-06
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authentic…
- CVE-2021-33020 | Severity: HIGH | CVSS 8.2 | EG 7.5 | Published 2022-04-01
Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.
- CVE-2022-2447 | Severity: MEDIUM | CVSS 6.6 | EG 8.8 | Published 2022-09-01
A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly…
- CVE-2022-24732 | Severity: MEDIUM | CVSS 6.3 | EG 6.3 | Published 2022-03-09
Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upg…
- CVE-2022-35401 | Severity: HIGH | CVSS 8.1 | EG 8.1 | Published 2023-01-10
An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would ne…
- CVE-2024-25679 | Severity: MEDIUM | CVSS 6.5 | EG 6.5 | Published 2024-02-09
In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic snif…
- CVE-2024-31893 | Severity: MEDIUM | CVSS 4.3 | EG 4.3 | Published 2024-05-22
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174.
- CVE-2024-31894 | Severity: MEDIUM | CVSS 4.3 | EG 4.3 | Published 2024-05-22
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175.
- CVE-2024-31895 | Severity: MEDIUM | CVSS 4.3 | EG 4.3 | Published 2024-05-22
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176.
- CVE-2024-36031 | Severity: CRITICAL | CVSS 9.8 | EG 9.8 | Published 2024-05-30
In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. Thi…
- CVE-2024-38277 | Severity: MEDIUM | CVSS 5.4 | EG 5.4 | Published 2024-06-18
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.
- CVE-2024-6299 | Severity: MEDIUM | CVSS 4.8 | EG 4.8 | Published 2024-06-25
Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker who has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date.
- CVE-2024-7318 | Severity: MEDIUM | CVSS 4.8 | EG 4.8 | Published 2024-09-09
A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for a…