Java – Cracking the Random: CVE-2024-29868
TL;DR

If you run a Java application with a token-based password recovery mechanism, make sure that the token is not generated with RandomStringUtils. Spoiler: You can crack it and predict all past and future tokens generated by the application!

Some Context

During a Penetration Test I was sifting through the internet – as one often does […]
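To make the TL;DR concrete, here is an added example (not code from the original article or from the affected application) contrasting a token built with the default RandomStringUtils helper against two fixes that draw from java.security.SecureRandom. It assumes Apache Commons Lang 3 (org.apache.commons.lang3) on the classpath; the class and method names below are the example's own.

```java
import java.security.SecureRandom;
import java.util.Base64;
import org.apache.commons.lang3.RandomStringUtils;

public final class RecoveryTokens {
    // One SecureRandom for the whole process; it is thread-safe and seeds
    // itself from the platform's entropy source.
    private static final SecureRandom SECURE = new SecureRandom();

    // Weak: the no-argument RandomStringUtils helpers draw from a shared
    // java.util.Random, a 48-bit linear congruential generator whose state
    // can be recovered from observed output. This is the pattern the article
    // warns about; shown here only as the "before" of the fix.
    static String weakToken() {
        return RandomStringUtils.randomAlphanumeric(32);
    }

    // Hardened, minimal change: keep RandomStringUtils' alphabet handling
    // but route it through the overload that accepts an explicit Random
    // source, and hand it a SecureRandom instead of the shared default.
    static String hardenedToken() {
        return RandomStringUtils.random(32, 0, 0, true, true, null, SECURE);
    }

    // Hardened, no third-party dependency: 256 bits straight from
    // SecureRandom, URL-safe Base64 so the token fits in a reset link.
    static String plainSecureToken() {
        byte[] buf = new byte[32];
        SECURE.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    public static void main(String[] args) {
        System.out.println("weak (do not use): " + weakToken());
        System.out.println("hardened         : " + hardenedToken());
        System.out.println("plain secure     : " + plainSecureToken());
    }
}
```

Both hardened variants produce tokens whose past and future values cannot be derived from ones an attacker has already seen, which is the property a password reset token must have.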