Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
Reedos aiM-Star
- 2.0.1
Source
vdisclose@cert-in.org.in
Tags
CVE-2024-45788 details
Published : Sept. 11, 2024, 12:15 p.m.
Last Modified : Sept. 11, 2024, 4:26 p.m.
Last Modified : Sept. 11, 2024, 4:26 p.m.
Description
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/flooding on the targeted system.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-799 | Improper Control of Interaction Frequency | The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. |
References
| URL | Source |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291 | vdisclose@cert-in.org.in |
This website uses the NVD API, but is not approved or certified by it.