Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
Shilpi Client Dashboard
Source
vdisclose@cert-in.org.in
Tags
CVE-2024-47652 details
Published : Oct. 4, 2024, 1:15 p.m.
Last Modified : Oct. 4, 2024, 1:50 p.m.
Last Modified : Oct. 4, 2024, 1:50 p.m.
Description
This vulnerability exists in Shilpi Client Dashboard due to implementation of inadequate authentication mechanism in the login module wherein access to any users account is granted with just their corresponding mobile number. A remote attacker could exploit this vulnerability by providing mobile number of targeted user, to obtain complete access to the targeted user account.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-308 | Use of Single-factor Authentication | The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. |
References
| URL | Source |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0313 | vdisclose@cert-in.org.in |
This website uses the NVD API, but is not approved or certified by it.