Back

CVE-2024-46937

Sept. 16, 2024, 3:30 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

MFASOFT Secure Authentication Server (SAS)

  • 1.8.x through 1.9.x before 1.9.040924

Source

cve@mitre.org

Tags

cve@mitre.org
2024-09-16
CVE-2024-46937

CVE-2024-46937 details

Published : Sept. 16, 2024, 1:15 p.m.
Last Modified : Sept. 16, 2024, 3:30 p.m.

Description

An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers gain access to user tokens without authentication. The is a brute-force attack on the serial parameter by number identifier: GA00001, GA00002, GA00003, etc.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://github.com/WI1D-41/IDOR-in-MFASOFT-Secure-Authentication-Server cve@mitre.org
https://mfasoft.ru cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.