This vulnerability exists in Wave 2.0 due to missing restrictions on excessive failed authentication attempts on its API-based login. A remote attacker could exploit this vulnerability by conducting a brute-force attack against a legitimate user's OTP, MPIN or password, which could lead to unauthorized access and compromise of other user accounts.
History

Fri, 08 Nov 2024 15:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | 63moons, 63moons aero, 63moons wave 2.0 |
| CPEs | | cpe:2.3:a:63moons:aero:\*:\*:\*:\*:\*:\*:\*:\*, cpe:2.3:a:63moons:wave_2.0:\*:\*:\*:\*:\*:\*:\*:\* |
| Vendors & Products | | 63moons, 63moons aero, 63moons wave 2.0 |
| Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'} |


Mon, 04 Nov 2024 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Brokeragetechnologysolutions, Brokeragetechnologysolutions wave 2.0 |
| CPEs | | cpe:2.3:a:brokeragetechnologysolutions:wave_2.0:\*:\*:\*:\*:\*:\*:\*:\* |
| Vendors & Products | | Brokeragetechnologysolutions, Brokeragetechnologysolutions wave 2.0 |
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Mon, 04 Nov 2024 12:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | This vulnerability exists in Wave 2.0 due to missing restrictions on excessive failed authentication attempts on its API-based login. A remote attacker could exploit this vulnerability by conducting a brute-force attack against a legitimate user's OTP, MPIN or password, which could lead to unauthorized access and compromise of other user accounts. |
| Title | | Brute Force Attack Vulnerability in Wave 2.0 |
| Weaknesses | | CWE-307 |
| References | | |
| Metrics | | cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: CERT-In

Published: 2024-11-04T12:15:45.323Z

Updated: 2024-11-04T15:04:26.996Z

Reserved: 2024-10-29T12:55:06.456Z

Link: CVE-2024-51558

Vulnrichment

Updated: 2024-11-04T15:04:22.025Z

NVD

Status: Analyzed

Published: 2024-11-04T13:17:05.450

Modified: 2024-11-08T15:19:32.597

Link: CVE-2024-51558

Redhat

No data.