Back

CVE-2024-47088

Sept. 19, 2024, 7:15 a.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Apex Softcell LD Geo

Source

vdisclose@cert-in.org.in

Tags

vdisclose@cert-in.org.in
CWE-307
2024-09-19
CVE-2024-47088

CVE-2024-47088 details

Published : Sept. 19, 2024, 7:15 a.m.
Last Modified : Sept. 19, 2024, 7:15 a.m.

Description

This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on login OTP, which could lead to gain unauthorized access to other user accounts.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-307 Improper Restriction of Excessive Authentication Attempts The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References

URL Source
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0296 vdisclose@cert-in.org.in
This website uses the NVD API, but is not approved or certified by it.