The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators.
Metrics
Affected Vendors & Products
References
History
Tue, 31 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 31 Dec 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators. | |
Title | Changing Information Technology CGFIDO - Authentication Bypass | |
Weaknesses | CWE-302 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: twcert
Published: 2024-12-31T01:24:48.680Z
Updated: 2024-12-31T15:56:46.585Z
Reserved: 2024-12-20T03:29:52.945Z
Link: CVE-2024-12838

Updated: 2024-12-31T15:56:43.066Z

Status : Received
Published: 2024-12-31T02:15:05.877
Modified: 2024-12-31T02:15:05.877
Link: CVE-2024-12838

No data.