What is CVE-2024-6890?

CVE-2024-6890 is a vulnerability in Journyx (Jtime), classified under Use of Hard-coded Cryptographic Key. Published 2024-08-07.

Is CVE-2024-6890 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Journyx (Jtime)

CVE-2024-6890

Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.

EPSS: 0.001 (29.6th percentile) — read the EPSS interpretation.

Affected products

Journyx (Jtime) — versions 11.5.4

Weakness classification (CWE)

CWE-321 — Use of Hard-coded Cryptographic Key
CWE-334
CWE-799

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

korelogic.com/Resources/Advisories/KL-001-2024-007.txt (third-party-advisory)

Frequently asked questions

What is CVE-2024-6890?: CVE-2024-6890 is a vulnerability in Journyx (Jtime), classified under Use of Hard-coded Cryptographic Key. Published 2024-08-07.
Is CVE-2024-6890 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.