Products
MFASOFT Secure Authentication Server (SAS)
- 1.8.x through 1.9.x before 1.9.040924
Source
cve@mitre.org
CVE-2024-46937 details
Published : Sept. 16, 2024, 1:15 p.m.
Last Modified : Sept. 16, 2024, 3:30 p.m.
Description
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to gain access to user tokens without authentication. The attack is a brute-force attack on the serial parameter by numeric identifier: GA00001, GA00002, GA00003, etc.
References
URL | Source |
---|---|
https://github.com/WI1D-41/IDOR-in-MFASOFT-Secure-Authentication-Server | cve@mitre.org |
https://mfasoft.ru | cve@mitre.org |