Products
Apex Softcell LD Geo
Source
vdisclose@cert-in.org.in
CVE-2024-47088 details
Published : Sept. 19, 2024, 7:15 a.m.
Last Modified : Sept. 19, 2024, 7:15 a.m.
Description
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions on excessive failed authentication attempts on its API-based login. A remote attacker could exploit this vulnerability by conducting a brute-force attack on the login OTP, which could lead to unauthorized access to other user accounts.
Weakness
Weakness | Name | Description |
---|---|---|
CWE-307 | Improper Restriction of Excessive Authentication Attempts | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks. |
References
URL | Source |
---|---|
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0296 | vdisclose@cert-in.org.in |
This website uses the NVD API, but is not approved or certified by it.