BIT-kafka-2024-56128
PUBLISHED
CVSS 5.3 MEDIUM
Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption
Risk Scores
CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | kafka | 3.8.0, 0.10.2, 0.10.2 |
Exploit Intelligence
- async-iot.ts (github-poc)
Timeline
- Dec 24, 2024 CVE Published
- May 20, 2025 CVE Updated
References
- https://datatracker.ietf.org/doc/html/rfc5802
- https://datatracker.ietf.org/doc/html/rfc5802#section-9
- https://kafka.apache.org/documentation/#security_sasl_scram_security
- https://lists.apache.org/thread/84dh4so32lwn7wr6c5s9mwh381vx9wkw
- http://www.openwall.com/lists/oss-security/2024/12/18/3
- https://nvd.nist.gov/vuln/detail/CVE-2024-56128