CVE-2024-42027

MEDIUM

Rocket.Chat Mobile <4.5.1 - Info Disclosure

Title source: llm

Description

The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources.

References (1)

[Third Party Advisory] https://hackerone.com/reports/2546437

Scores

CVSS v3 6.7

EPSS 0.0014

EPSS Percentile 33.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1391

Status published

Products (1)

Rocket.Chat/Mobile 4.5.1

Published Oct 07, 2024

Tracked Since Feb 18, 2026