This vulnerability exists in Aero due to improper implementation of the OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second-factor authentication process.
Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification to access other user accounts.
History
Wed, 06 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | 63moons; 63moons aero, 63moons wave 2.0 | |
Weaknesses | NVD-CWE-Other | |
CPEs | cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:* cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:* | |
Vendors & Products | 63moons; 63moons aero, 63moons wave 2.0 | |
Metrics | cvssV3_1 | |
Mon, 04 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Brokeragetechnologysolutions; Brokeragetechnologysolutions aero | |
CPEs | cpe:2.3:a:brokeragetechnologysolutions:aero:*:*:*:*:*:*:*:* | |
Vendors & Products | Brokeragetechnologysolutions; Brokeragetechnologysolutions aero | |
Metrics | ssvc | |
Mon, 04 Nov 2024 12:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second factor authentication process. Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for accessing other user accounts. | |
Title | Authentication bypass Vulnerability in Aero | |
Weaknesses | CWE-807 | |
References | | |
Metrics | cvssV4_0 | |
MITRE
Status: PUBLISHED
Assigner: CERT-In
Published: 2024-11-04T12:29:20.563Z
Updated: 2024-11-04T14:59:07.883Z
Reserved: 2024-10-29T12:55:06.456Z
Link: CVE-2024-51561
Vulnrichment
Updated: 2024-11-04T14:59:03.207Z
NVD
Status: Analyzed
Published: 2024-11-04T13:17:05.963
Modified: 2024-11-06T15:59:22.287
Link: CVE-2024-51561
Redhat
No data.