This vulnerability exists in Aero due to an improper implementation of the OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second-factor authentication process.
Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification and access other user accounts.
History
Mon, 04 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Brokeragetechnologysolutions, Brokeragetechnologysolutions aero | |
CPEs | cpe:2.3:a:brokeragetechnologysolutions:aero:*:*:*:*:*:*:*:* | |
Vendors & Products | Brokeragetechnologysolutions, Brokeragetechnologysolutions aero | |
Metrics | ssvc | |
Mon, 04 Nov 2024 12:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second factor authentication process. Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for accessing other user accounts. | |
Title | Authentication bypass Vulnerability in Aero | |
Weaknesses | CWE-807 | |
References | | |
Metrics | cvssV4_0 | |
MITRE
Status: PUBLISHED
Assigner: CERT-In
Published: 2024-11-04T12:29:20.563Z
Updated: 2024-11-04T14:59:07.883Z
Reserved: 2024-10-29T12:55:06.456Z
Link: CVE-2024-51561
Vulnrichment
Updated: 2024-11-04T14:59:03.207Z
NVD
Status: Awaiting Analysis
Published: 2024-11-04T13:17:05.963
Modified: 2024-11-04T18:50:05.607
Link: CVE-2024-51561
Redhat
No data.