Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tabit allows an adversary to send messages on tabits behalf to anyone registered on the system - the API receives the parameters: phone number, and CustomMessage, We can use that API to craft malicious messages to any user of the system. In addition, the API probably has some kind of template injection potential. When entering {{OTP}} in the custom message field it is formatted into an OTP.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.gov.il/en/departments/faq/cve_advisories |
History
No history.
MITRE
Status: PUBLISHED
Assigner: INCD
Published: 2022-08-22T14:40:51.365331Z
Updated: 2024-09-16T20:48:05.000Z
Reserved: 2022-06-29T00:00:00
Link: CVE-2022-34771
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-08-22T15:15:16.140
Modified: 2024-11-21T07:10:09.210
Link: CVE-2022-34771
Redhat
No data.